Cinap_Lenrek

**Name of the Vulnerable Software and Affected Versions** Mothra (affected versions not specified) **Description** Mothra respects default values provided by websites for HTML file upload forms. This allows an attacker to create a website containing a malicious default file path and hide the form element to mislead the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An attacker can trigger a kernel panic by sending TCP, IL, RUDP, or GRE packets with a length smaller than the header size. A kernel panic is a safety measure taken by an operating system's kernel upon detecting a fatal error from which it cannot safely recover. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 9front versions prior to commit 9645ae07eb66a59015e3e118d0024790c37400da Description: A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the `uname` given in the Tauth and Tattach 9p messages matches the client `UID` returned from the factotum authentication handshake. The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug. Recommendations: For 9front versions prior to commit 9645ae07eb66a59015e3e118d0024790c37400da, update to a version that includes the remediation commit to secure your system. As a temporary workaround, consider restricting access to the experimental hjfs disk filesystem until the update is applied.