Carnil

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.4 **Description** The issue resides in the `XML ExternalEntityParserCreate` function. It does not properly copy user data for unknown encoding handlers, potentially leading to memory corruption. Reports indicate a critical impact on Linux distributions and applications, with the possibility of Remote Code Execution (RCE). The issue is described as an XML External Entity (XXE) flaw. **Recommendations** Versions prior to 2.7.4 should be updated to version 2.7.4 or later.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** An integer overflow exists in the zisofs block pointer allocation logic on 32-bit systems. A remote attacker can exploit this by providing a specially crafted ISO9660 image, potentially leading to a heap buffer overflow and arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw has been identified in the libarchive library, specifically within the `archive read format rar seek data()` function, involving an integer overflow that can lead to a double-free condition. This can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw in the libarchive library can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This can cause the library to attempt to read beyond the allocated memory buffer, resulting in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw in the libarchive library can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw has been identified in the libarchive library involving an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow, potentially corrupting adjacent memory and causing unpredictable program behavior, crashes, or could be used as a building block for more sophisticated exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw has been identified in the libarchive library involving an integer overflow. This issue can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64 MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacti versions 1.2.29 and earlier **Description** The issue allows SQL injection in the template function in host templates.php via the `graph template` parameter. This problem exists due to an incomplete fix for a previous issue. **Recommendations** For versions 1.2.29 and earlier, as a temporary workaround, consider restricting access to the `graph template` parameter in the host templates.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Crypt::Random::Source versions prior to 0.13 **Description** The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in `rand()` function. This function is not a secure source of random bits, potentially leading to security issues. **Recommendations** For versions prior to 0.13, update to version 0.13 or later to ensure a secure source of random bits. As a temporary workaround, consider avoiding the use of the built-in `rand()` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Libarchive versions prior to 3.7.4 **Description** The issue is related to a buffer overflow vulnerability when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in the `slurp central directory` function in `archive read support format zip.c`. The vulnerability can be exploited by a remote attacker to cause a denial of service using a specially crafted archive. **Recommendations** For Libarchive versions prior to 3.7.4, update to version 3.7.4 or later to resolve the issue. As a temporary workaround, consider disabling the `mac-ext` feature when handling ZIP archives to minimize the risk of exploitation. Restrict access to the `slurp central directory` function in `archive read support format zip.c` until the issue is resolved. Avoid using ZIP archives with empty-name files until the issue is fixed.

**Name of the Vulnerable Software and Affected Versions** libexpat versions 2.6.1 and earlier libexpat through 2.6.1 **Description** The issue is related to the improper handling of XML external entity (XXE) declarations by the `XML ExternalEntityParserCreate` function, allowing an XML Entity Expansion attack. This can be exploited by a remote attacker to obtain sensitive information or cause a denial of service by sending specially crafted XML content. The estimated number of potentially affected devices is not specified. **Recommendations** For libexpat versions 2.6.1 and earlier, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of external parsers created via `XML ExternalEntityParserCreate` until a patch is available. Restrict access to sensitive information and minimize the risk of exploitation by limiting the use of libexpat in sensitive environments.

**Name of the Vulnerable Software and Affected Versions** ruby-magick (affected versions not specified) **Description** The issue is related to memory leak errors in the ruby-magick interface between Ruby and the ImageMagick library. This can lead to a denial of service (DOS) by memory exhaustion, potentially allowing a remote attacker to cause a service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AWStats versions 7.x through 7.8 **Description** The issue allows for XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. **Recommendations** For versions 7.x through 7.8, consider disabling the hostinfo plugin until a patch is available to prevent potential XSS attacks. As a temporary workaround, restrict the use of the Net::XWhois response in the hostinfo plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** g810-led version 0.4.2 **Description** The issue allows any process on the system to read traffic from keyboards, including sensitive data, due to a udev rule that makes supported device nodes world-readable and writable. This affects a LED configuration tool for Logitech Gx10 keyboards. **Recommendations** For g810-led version 0.4.2, consider restricting access to the device nodes to prevent unauthorized processes from reading keyboard traffic until a patch is available. As a temporary workaround, review and modify the udev rule to limit read and write access to the device nodes.

**Name of the Vulnerable Software and Affected Versions** Keepalived versions 2.2.4 and earlier **Description** The issue is related to insufficient restrictions in the D-Bus policy, allowing any user to inspect and manipulate properties. This can lead to access-control bypass in certain situations where an unrelated D-Bus system service has a settable property. The vulnerability can be exploited by a remote attacker to access confidential data and compromise its integrity. **Recommendations** For Keepalived versions 2.2.4 and earlier, consider restricting access to the D-Bus system service to minimize the risk of exploitation. As a temporary workaround, limit the ability of users to inspect and manipulate properties until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A flaw was found in ImageMagick in MagickCore/resize.c, related to the lack of a check for division by zero. This issue could allow an attacker to trigger undefined behavior in the form of math division by zero by submitting a crafted file that is processed by ImageMagick. The highest threat from this issue is to system availability. An attacker could exploit this flaw to cause a denial of service using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A flaw was found in ImageMagick in coders/jp2.c, related to the absence of a check for division by zero. This issue could allow an attacker to trigger undefined behavior in the form of math division by zero by submitting a crafted file that is processed by ImageMagick. The highest threat from this issue is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Autobahn|Python versions prior to 20.12.3 **Description** The issue allows redirect header injection. **Recommendations** For versions prior to 20.12.3, update to version 20.12.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open-iSCSI targetcli-fb versions 2.1.52 and earlier **Description** The issue is related to weak permissions for the /etc/target directory, as well as the backup directory and backup files. This weakness can be exploited to gain access to confidential data. **Recommendations** For Open-iSCSI targetcli-fb versions 2.1.52 and earlier, consider restricting access to the /etc/target directory and its backup files to minimize the risk of exploitation. As a temporary workaround, review and adjust the permissions of the /etc/target directory and its contents until a patch is available.