George

**Name of the Vulnerable Software and Affected Versions** vCenter Server (affected versions not specified) **Description** The issue is related to insufficient input validation in the Analytics service of VMware vCenter Server and VMware Cloud Foundation, which can lead to a denial-of-service condition. Successful exploitation may allow an attacker to cause a denial-of-service on vCenter Server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vCenter Server (affected versions not specified) **Description** The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information by sending a specially crafted HTTP request. This vulnerability is related to insufficient directory path checking in the vCenter Server Appliance Management Interface (VAMI), allowing unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: hapi versions 15.0.0 through 16.1.0 Description: The issue occurs when hapi encounters a malformed `accept-encoding` header, which may cause it to crash or hang the client connection until the timeout period is reached. Affected versions of hapi will crash or lock the event loop when such a header is received. Recommendations: Update to version 16.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** phpIPAM version 1.4 **Description** The issue is related to a lack of protection against SQL structure manipulation in the app/admin/custom-fields/filter.php component of the phpIPAM web application. This can be exploited by a remote attacker to execute arbitrary SQL queries when the `table` parameter is used with `action=add`. **Recommendations** For phpIPAM version 1.4, as a temporary workaround, consider restricting access to the `app/admin/custom-fields/filter.php` component until a patch is available. Avoid using the `table` parameter in the affected endpoint when `action=add` is used, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GDM versions prior to 2.4.1.6 GDM version 2.0beta2 GDM version 2.2.3.1 **Description** The issue allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file when using the "examine session errors" feature. Additionally, multiple vulnerabilities in the GDM package may lead to disruption of protected information and can be exploited remotely. **Recommendations** For GDM versions prior to 2.4.1.6, update to version 2.4.1.6 or later to resolve the issue. For GDM version 2.0beta2, consider disabling the "examine session errors" feature until a patch is available. For GDM version 2.2.3.1, restrict access to the ~/.xsession-errors file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GDM versions prior to 2.4.1.6 **Description** The issue allows attackers to cause a denial of service, potentially leading to a daemon crash, via a short authorization key name. Multiple vulnerabilities in the GDM package may lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. **Recommendations** For versions prior to 2.4.1.6, update to version 2.4.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the XDMCP support to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** gdm versions prior to 2.4.1.6 **Description** The issue affects the X Display Manager Control Protocol (XDMCP) support for GDM, allowing attackers to cause a denial of service (daemon crash) when a chosen host expires. This can be exploited remotely, potentially leading to disruption of protected information availability. **Recommendations** For versions prior to 2.4.1.6, update to version 2.4.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the XDMCP protocol to minimize the risk of exploitation.