Dhananjay Arunesh

**Name of the Vulnerable Software and Affected Versions** hibernate-validator (affected versions not specified) **Description** A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinispan (affected versions not specified) **Description** A flaw was found in Infinispan's REST, where Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinispan (affected versions not specified) **Description** A flaw was found in Infinispan's REST, where bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenImageIO (affected versions not specified) **Description** A heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file of OpenImageIO. This flaw allows a remote attacker to pass a specially crafted file to the application, triggering a heap-based buffer overflow that could cause a crash, leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libXpm (affected versions not specified) **Description** The issue is related to a boundary condition within the `XpmCreateXpmImageFromBuffer()` function of the libXpm library, which can lead to an out-of-bounds read error. This allows a local attacker to read the contents of memory on the system, potentially gaining unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libXpm (affected versions not specified) **Description** The issue is related to a boundary condition in libXpm, which can cause an out-of-bounds read error. This can allow a local user to read contents of memory on the system, potentially leading to unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libX11 (affected versions not specified) **Description** The issue is related to an infinite loop within the `PutSubImage()` function of the libX11 library, which provides the client API for the X Window System. This flaw allows a local user to consume all available system resources, causing a denial of service condition. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libX11 (affected versions not specified) **Description** A vulnerability in the libX11 library is related to a boundary condition within the ` XkbReadKeySyms()` function, allowing a local user to trigger an out-of-bounds read error and read the contents of memory on the system. This issue is associated with reading beyond the valid boundaries of a data buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** A vulnerability was found in libtiff due to multiple potential integer overflows in `raw2tiff.c`. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue is related to an integer overflow in the LibTIFF library, which can be triggered by a crafted tiff image. This flaw allows remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code. The vulnerability is associated with the `readSeparateTilesIntoBuffer()` function and can lead to a heap-based buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sox (affected versions not specified) **Description** A heap buffer overflow issue was found in the startread function at sox/src/hcom.c:160:41. This can lead to a denial of service, code execution, or information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sox (affected versions not specified) **Description** A floating point exception issue was found in the `lsx aiffstartwrite` function at `sox/src/aiff.c:622:58`. This flaw can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sox (affected versions not specified) **Description** A heap buffer overflow issue was found in the `lsx readbuf` function at `sox/src/formats i.c:98:16`. This can lead to a denial of service, code execution, or information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sox (affected versions not specified) **Description** A floating point exception vulnerability was found in the `read samples` function at `sox/src/voc.c:334:18`. This flaw can lead to a denial of service. The issue is related to incorrect numerical calculations when processing floating point values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libtiff (affected versions not specified) **Description** A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pgadmin (affected versions not specified) **Description** A vulnerability was found in pgadmin, where users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. This issue is related to incorrect session fixation due to improper access separation in the LDAP authentication configuration. Exploitation of this vulnerability may allow a remote attacker to bypass security restrictions and gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GLib (affected versions not specified) **Description** A flaw was found in GLib where GVariant deserialization is vulnerable to a slowdown issue. A crafted GVariant can cause excessive processing, leading to denial of service. The issue is related to uncontrolled resource consumption, which can be exploited to cause a service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GLib (affected versions not specified) **Description** The issue is related to the GVariant deserialization in GLib, which fails to validate that the input conforms to the expected format. This can lead to a denial of service. The problem is also associated with the `is normal()` function and uncontrolled resource consumption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free flaw was found in the `btrfs get dev args from path()` function in the `fs/btrfs/volumes.c` file of the btrfs file system in the Linux Kernel. This issue is related to the use of previously freed memory. Exploitation of this flaw may allow a local attacker with special privileges to cause a system crash or leak internal kernel information, potentially impacting the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.