Hao Wang

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypassing security measures provided by DMARC (or SPF or DKIM) policies. This issue arises because hosted services do not verify the sender of an email against authenticated users, enabling an attacker to spoof the identity of another user's email address. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identity of the sender. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** binutils version 2.35 **Description** A flaw was found in the binutils readelf program, which is related to a stack buffer overflow and out-of-bounds write of arbitrary data supplied by an attacker. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. An attacker could trigger this issue by convincing a victim to read a crafted file using readelf. **Recommendations** For binutils version 2.35, consider updating to a newer version that contains a fix for this issue, as no specific workaround is provided for this version. As a temporary workaround, consider restricting the use of the readelf program until a patch is available. Avoid using readelf to read files from untrusted sources until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.35.1 Description: A flaw was found in GNU Binutils, where there is a heap-based buffer overflow in ` bfd elf slurp secondary reloc section` in `elf.c` due to the number of symbols not calculated correctly. The highest threat from this issue is to system availability. Recommendations: For GNU Binutils version 2.35.1, consider updating to a newer version to mitigate the risk, as the current version has a heap-based buffer overflow issue. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.11.17 **Description** The issue allows for remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, the `logger file name` can refer to an attacker-controlled .php file under the web root. **Recommendations** For versions prior to 7.11.17, update to version 7.11.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the system settings Log File Name setting to prevent admin account takeover and minimize the risk of exploitation.