David

**Name of the Vulnerable Software and Affected Versions** theshit versions prior to 0.1.1 **Description** theshit is a command-line utility designed to identify and correct common errors in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations, such as `~/.config/theshit/`, without validating ownership or permissions when run with elevated privileges. If executed with `sudo` or as root, the tool trusts configuration files from the unprivileged user's environment. This allows a local attacker to inject arbitrary Python code through a malicious rule or configuration file, which is then executed with root privileges. Any system where the tool is executed with elevated privileges is affected. In environments where the tool is permitted to run via `sudo` without a password, a local unprivileged user can escalate privileges to root without further interaction. The issue stems from insufficient validation of configuration file ownership and permissions. The application loads files without verifying that they are owned by the effective user executing the tool. When running with elevated privileges, it fails to enforce that rules are owned by root or are not writable by non-root users. This allows for the execution of untrusted code with root privileges. **Recommendations** Versions prior to 0.1.1 should be updated to version 0.1.1. As a temporary mitigation, ensure that directories containing custom rules and configuration files are owned by root and are not writable by non-root users. Avoid executing the application with `sudo` or as the root user if upgrading is not possible.

**Name of the Vulnerable Software and Affected Versions** Putler Connector for WooCommerce versions n/a through 2.12.0 **Description** A Missing Authorization issue is present in the Putler / Storeapps Putler Connector for WooCommerce. This issue allows for unauthorized access. **Recommendations** For versions n/a through 2.12.0, update to a version later than 2.12.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Login as User or Customer WordPress plugin versions prior to 3.3 **Description** The issue is related to insufficient authorization checks, which could allow unauthenticated attackers to obtain a valid admin session by logging in as another user. This could impact the integrity, availability, and confidentiality of protected information. **Recommendations** For versions prior to 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to sensitive areas of the WordPress site to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: foo2zjs versions prior to 20110722dfsg-3ubuntu1 foo2zjs version 20110722dfsg-1 foo2zjs version 20090908dfsg-5.1+squeeze0 Description: The issue allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs, due to insecure creation of temporary files. Recommendations: For foo2zjs version 20110722dfsg-1, update to a version later than 20110722dfsg-1 to resolve the issue. For foo2zjs version 20090908dfsg-5.1+squeeze0, update to a version later than 20090908dfsg-5.1+squeeze0 to resolve the issue. For foo2zjs versions prior to 20110722dfsg-3ubuntu1, update to version 20110722dfsg-3ubuntu1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cobbler versions prior to 2.2.2 **Description** The issue allows context-dependent attackers to execute arbitrary code via vectors related to the use of the `yaml.load` function instead of the `yaml.safe load` function, as demonstrated using Puppet. This is due to a problem in the `set mgmt parameters` function in item.py. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider modifying the `set mgmt parameters` function to use `yaml.safe load` instead of `yaml.load` until a patch is available. Restrict access to the `item.py` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Software Properties versions prior to 0.81.13.3 **Description** The issue concerns the failure to validate the server certificate when downloading PPA GPG key fingerprints. This allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. **Recommendations** For versions prior to 0.81.13.3, update to version 0.81.13.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Update Manager versions 1:0.87.31.1 and earlier, versions 1:0.134.x through 1:0.134.10.1, versions 1:0.142.x through 1:0.142.22.1, versions 1:0.150.x through 1:0.150.4.1, versions 1:0.152.x through 1:0.152.25.4 **Description** The issue allows man-in-the-middle attackers to create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or bypass authentication via a crafted meta-release file, due to the lack of GPG signature verification before extracting an upgrade tarball. **Recommendations** For versions 1:0.87.31.1 and earlier, update to version 1:0.87.31.1 or later. For versions 1:0.134.x through 1:0.134.10.1, update to version 1:0.134.11.1 or later. For versions 1:0.142.x through 1:0.142.22.1, update to version 1:0.142.23.1 or later. For versions 1:0.150.x through 1:0.150.4.1, update to version 1:0.150.5.1 or later. For versions 1:0.152.x through 1:0.152.25.4, update to version 1:0.152.25.5 or later.

**Name of the Vulnerable Software and Affected Versions** Update Manager versions 1:0.87.31.1 and earlier, versions 1:0.134.x through 1:0.134.10.1, versions 1:0.142.x through 1:0.142.22.1, versions 1:0.150.x through 1:0.150.4.1, versions 1:0.152.x through 1:0.152.25.4 **Description** The issue arises from improper creation of temporary files in the Update Manager, allowing local users to potentially obtain sensitive information, such as the XAUTHORITY file content, via a symlink attack on the temporary file. **Recommendations** For versions 1:0.87.31.1 and earlier, update to version 1:0.87.31.1 or later. For versions 1:0.134.x through 1:0.134.10.1, update to version 1:0.134.11.1 or later. For versions 1:0.142.x through 1:0.142.22.1, update to version 1:0.142.23.1 or later. For versions 1:0.150.x through 1:0.150.4.1, update to version 1:0.150.5.1 or later. For versions 1:0.152.x through 1:0.152.25.4, update to version 1:0.152.25.5 or later.

**Name of the Vulnerable Software and Affected Versions** pip versions prior to 1.3 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. **Recommendations** For versions prior to 1.3, update to version 1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KDE PIM versions 4.6 through 4.8 **Description** The issue concerns the HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp, which fails to disable JavaScript, Java, and Plugins. This allows remote attackers to inject arbitrary web script or HTML via a crafted email. **Recommendations** For KDE PIM versions 4.6 through 4.8, consider disabling the HTMLQuoteColorer::process function until a patch is available. Restrict access to email messages that may contain malicious content to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CEDET versions prior to 1.0.1 GNU Emacs versions prior to 23.4 **Description** The issue allows local users to gain privileges via a crafted Lisp expression in a Project.ede file. This can occur when the file is located in the directory, or a parent directory, of an opened file. **Recommendations** For CEDET versions prior to 1.0.1, update to version 1.0.1 or later. For GNU Emacs versions prior to 23.4, update to version 23.4 or later.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions prior to 1.2.99 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences. This can be achieved by crafting a nickname field to the "vserver/apply" endpoint. **Recommendations** For versions prior to 1.2.99, update to version 1.2.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the "vserver/apply" endpoint to minimize the risk of exploitation. Avoid using the nickname field in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Hammerhead version 2.1.4 **Description** The issue allows local users to write to arbitrary files via a symlink attack on the HH LOG file or the REPORT LOG file. **Recommendations** For version 2.1.4, consider restricting access to the /tmp/hammer.log and REPORT LOG files to prevent a symlink attack until a patch is available.