Cookiejack15

**Name of the Vulnerable Software and Affected Versions** Axis (affected versions not specified) **Description** Improper input validation in a configuration file on the local file system could allow code execution and potentially lead to privilege escalation. This issue can only be exploited if an attacker has SSH access to the Axis device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.4.3 **Description** If the `auth username chars` setting is empty, an attacker can inject arbitrary LDAP filters into Dovecot's LDAP authentication process. This can bypass restrictions and allow probing of the LDAP structure. No publicly available exploits are known. **Recommendations** Do not clear out the `auth username chars` setting. Install version 2.4.3 or later.