Hanno Böck

**Name of the Vulnerable Software and Affected Versions** Dovecot (affected versions not specified) **Description** The issue arises because Dovecot accepts the dot LF DOT LF symbol as the end of the DATA command, whereas the RFC requires it to be CR LF DOT CR LF. This discrepancy causes Dovecot to split a single email containing LF DOT LF in the middle into two separate emails when relaying to SMTP. As a result, emails with LF DOT LF are divided into two mails. **Recommendations** Upgrade to the latest released version. As a temporary workaround, consider restricting the use of the affected Dovecot functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CPython (affected versions not specified) **Description** The issue concerns the email module in CPython, which did not properly quote newlines for email headers when serializing an email message. This allows for header injection when an email is serialized, potentially enabling a remote authenticated attacker to spoof sender identity, gain unauthorized email sending, or cause loss of control over email communication by persuading a victim to open a specially crafted email. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** alpitronic Hypercharger EV charging devices (affected versions not specified) **Description** The issue concerns alpitronic Hypercharger EV charging devices that can expose a web interface protected by authentication if misconfigured. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator. **Recommendations** For alpitronic Hypercharger EV charging devices, change the default credentials to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 126 **Description** A predictable HTTP digest authentication nonce value was generated using the `rand()` function. **Recommendations** For Firefox versions prior to 126, update to version 126 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 122 Mozilla Firefox ESR versions prior to 115.7 Thunderbird versions prior to 115.7 **Description** The issue is related to the implementation of the HSTS (HTTP Strict Transport Security) mechanism in Mozilla products, specifically concerning inadequate access control. This could allow a remote attacker to bypass security mechanisms in specific HSTS configurations, potentially on a subdomain. **Recommendations** For Mozilla Firefox versions prior to 122, update to version 122 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 115.7, update to version 115.7 or later to resolve the issue. For Thunderbird versions prior to 115.7, update to version 115.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rambus SafeZone Basic Crypto Module versions prior to 10.4.0 **Description** The issue is related to the generation of RSA keys that can be broken with Fermat's factorization method, allowing efficient calculation of private RSA keys from the public key of a TLS certificate. This is due to the use of insufficiently random values in the CLS PK KeyGenMT() function of the Rambus SafeZone Basic Crypto Module. **Recommendations** For Rambus SafeZone Basic Crypto Module versions prior to 10.4.0, update to version 10.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CLS PK KeyGenMT() function until a patch is available. Avoid using the affected module to generate RSA keys for TLS certificates until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fetchmail versions prior to 6.4.22 **Description** The issue is related to Fetchmail's failure to enforce STARTTLS session encryption under certain circumstances, such as with IMAP and PREAUTH. **Recommendations** For versions prior to 6.4.22, update to version 6.4.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Exim versions through 4.94.2 **Description** The issue is related to the STARTTLS feature in Exim, which allows response injection during MTA SMTP sending. This is due to insufficient neutralization of special elements in the request. The exploitation of this issue may allow a remote attacker to impact data integrity. **Recommendations** For Exim versions through 4.94.2, update to a version that contains a fix for this issue to prevent response injection during MTA SMTP sending. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.9.24 **Description** An issue was discovered in the usage of the insecure `rand()` function within the process of generating the 2FA secret. **Recommendations** For versions 3.2.0 through 3.9.24, consider updating to a version that uses a secure random number generator for 2FA secret generation. As a temporary workaround, consider disabling the 2FA feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.9.24 **Description** An issue was discovered in the usage of an insufficient length for the 2FA secret according to RFC 4226, where 10 bytes were used instead of the recommended 20 bytes. **Recommendations** For Joomla! versions 3.2.0 through 3.9.24, update to a version that uses a sufficient length for the 2FA secret, as per RFC 4226 recommendations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.9.24 **Description** An issue was discovered in the core shipped but unused randval implementation within FOF (FOFEncryptRandval), which used a potentially insecure implementation. This has been replaced with a call to `random bytes()` and its backport that is shipped within random compat. **Recommendations** For Joomla! versions 3.2.0 through 3.9.24, update the randval implementation to use `random bytes()` to ensure secure random number generation.

**Name of the Vulnerable Software and Affected Versions** Raptor RDF Syntax Library version 2.0.15 **Description** The issue is related to the `raptor xml writer start element common` function in the Raptor RDF Syntax Library, which miscalculates the maximum number of nspace declarations for the XML writer. This can lead to heap-based buffer overflows, sometimes seen in the `raptor qname format as xml` function. The vulnerability can be exploited by a remote attacker to compromise data integrity or cause a denial of service. **Recommendations** For Raptor RDF Syntax Library version 2.0.15, consider updating to a newer version that addresses the issue, as the current version has a miscalculation in the `raptor xml writer start element common` function that can lead to heap-based buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** freewvs versions prior to 0.1.1 **Description** A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and `os.walk()`. This can be problematic when an administrator scans directories of potentially untrusted users. **Recommendations** For versions prior to 0.1.1, update to version 0.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail version 1.4.22 **Description** The issue arises from the `compose.php` file in SquirrelMail, which calls `unserialize` for the `$mailtodata` value. This value originates from an HTTP GET request, making it a potential entry point for exploitation. The vulnerability is related to the `mailto.php` file. **Recommendations** For SquirrelMail version 1.4.22, consider disabling the `unserialize` function for the `$mailtodata` value in the `compose.php` file as a temporary workaround until a patch is available. Restrict access to the `compose.php` and `mailto.php` files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail version 1.4.22 **Description** The issue arises in compose.php, where the $attachments value from an HTTP POST request is passed to unserialize. This could potentially lead to PHP object injection. However, the vendor disputes this, citing that two necessary conditions for such an injection are not met: the existence of a PHP magic method like wakeup or destruct, and the declaration or autoloading of attack-relevant classes before unserialize is called. **Recommendations** For SquirrelMail version 1.4.22, consider disabling the unserialize function for the $attachments value in compose.php as a temporary workaround until a patch is available. Restrict access to the compose.php module to minimize the risk of exploitation. Avoid using user-inputted data in the $attachments value until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Mailman versions 2.x through 2.1.29 GNU Mailman version 2.1.30 is not affected, but all versions prior to 2.1.30 are vulnerable. **Description** The issue is related to the handling of MIME parts in GNU Mailman, which may contribute to cross-site scripting (XSS) attacks against visitors of list archives. This occurs because an HTTP reply from an archive web server may lack a MIME type, leading a web browser to perform MIME sniffing and potentially execute JavaScript code. The vulnerability is also related to the lack of protection for the web page structure, which could allow a remote attacker to impact data integrity. **Recommendations** For GNU Mailman versions 2.x through 2.1.29, update to version 2.1.30 or later to resolve the issue. As a temporary workaround, consider restricting access to list archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBB version 3.2.7 **Description** The issue allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. **Recommendations** For phpBB version 3.2.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Coppermine gallery versions prior to 1.4.26 **Description** The issue is related to an input validation vulnerability that allows for code execution. **Recommendations** For versions prior to 1.4.26, update to version 1.4.26 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Serendipity freetag plugin versions prior to 3.30 **Description** A Cross-site Scripting (XSS) issue exists in the tagcloud parameter to "plugins/serendipity event freetag/tagcloud.swf". This allows for potential exploitation. **Recommendations** For versions prior to 3.30, update to version 3.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the "tagcloud.swf" file until a patch is applied. Avoid using the `tagcloud` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FluxBB versions prior to 1.4.7 **Description** A reverse proxy issue exists when the `FORUM BEHIND REVERSE PROXY` setting is enabled. **Recommendations** For versions prior to 1.4.7, update to version 1.4.7 or later to resolve the issue. As a temporary workaround, consider disabling the `FORUM BEHIND REVERSE PROXY` setting until a patch is available.