James Clawson

**Name of the Vulnerable Software and Affected Versions** WebSVN version 2.3.3 **Description** The issue allows remote authenticated users to read arbitrary files via a symlink attack in a commit. **Recommendations** For WebSVN version 2.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rssh version 2.3.2 **Description** The issue allows local users to bypass intended restricted shell access. This can be achieved via the `-e` or `--` command line option. Multiple vulnerabilities in the rssh package may lead to a breach of confidentiality, integrity, and availability of protected information. A local attacker can exploit these vulnerabilities. **Recommendations** For rssh version 2.3.2, consider restricting access to the `-e` and `--` command line options as a temporary workaround until a patch is available. Restrict the use of the rsync protocol to minimize the risk of exploitation.