David Woodhouse

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.9.0 and prior versions **Description** The issue is an authentication bypass vulnerability that allows an attacker to bypass the Zeppelin authentication mechanism and act as another user. **Recommendations** For Apache Zeppelin versions 0.9.0 and prior, consider disabling the authentication mechanism temporarily until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenConnect version 8.09 Description: The issue is related to a buffer overflow error in the `get cert name` function in `gnutls.c`, which can be exploited by a remote attacker. This exploitation can lead to a denial of service, causing the application to crash, or possibly other unspecified impacts. The vulnerability is triggered by crafted certificate data. Recommendations: For OpenConnect version 8.09, consider disabling the `get cert name` function in `gnutls.c` as a temporary workaround to prevent potential exploitation until a patch is available. Restrict access to crafted certificate data to minimize the risk of triggering the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNOME NetworkManager version 1.10.2 and earlier Description: The issue is related to an information exposure in the DNS resolver of GNOME NetworkManager, which can lead to private DNS queries being leaked to local network's DNS servers while on VPN. This is due to a lack of protection for service data. An attacker could exploit this to gain unauthorized access to information. Recommendations: For GNOME NetworkManager version 1.10.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dnsmasq versions prior to 2.63test1 **Description** The issue allows remote attackers to cause a denial of service, specifically through traffic amplification, by sending a spoofed DNS query. This occurs when Dnsmasq is used with certain configurations in libvirt and responds to requests from prohibited interfaces. **Recommendations** For versions prior to 2.63test1, update to version 2.63test1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DNS service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vino versions prior to 2.99.4 **Description** The issue allows Vino to connect to external networks, contrary to its configuration settings. This might facilitate remote attacks. **Recommendations** For versions prior to 2.99.4, update to version 2.99.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenConnect version 3.18 **Description** A heap-based buffer overflow issue allows remote servers to cause a denial of service via a crafted greeting banner. **Recommendations** For OpenConnect version 3.18, at the moment, there is no information about a newer version that contains a fix for this issue.