Jeffrey Bencteux

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The Linux kernel has an issue where the 'at' variant of the `getxattr()` and `listxattr()` system calls are not included in the audit read class. This allows bypassing audit rules when calling `getxattrat()` or `listxattrat()` on a file to read its extended attributes. Specifically, rules defined with the `-w` option, such as `-w /tmp/test -p rwa -k test rwa`, may be circumvented. The current patch addresses this by adding the missing system calls to the audit read class. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** USB Flash Drives Control version 4.1.0.0 **Description** USB Flash Drives Control version 4.1.0.0 contains an unquoted service path vulnerability in its service configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to the unquoted path in 'C:Program FilesUSB Flash Drives Controlusbcs.exe', which enables attackers to inject malicious executables and escalate privileges on Windows systems. **Recommendations** Apply appropriate quoting to the service path in the service configuration.

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.2.0 through 9.2.5 Apache Traffic Server versions 10.0.0 through 10.0.1 Description: The issue is related to an unchecked return value that can allow Apache Traffic Server to retain privileges on startup. This can be exploited by a remote attacker to elevate their privileges. Users are recommended to upgrade to a fixed version. Recommendations: For Apache Traffic Server versions 9.2.0 through 9.2.5, upgrade to version 9.2.6. For Apache Traffic Server versions 10.0.0 through 10.0.1, upgrade to version 10.0.2.

**Name of the Vulnerable Software and Affected Versions** User-friendly SVN (USVN) versions prior to 1.0.12 **Description** The issue is related to improper input validation in the `/admin/config/save` endpoint, allowing administrators to execute arbitrary code via the fields `siteTitle`, `siteIco`, and `siteLogo`. This can be exploited by a local attacker to manipulate these fields. **Recommendations** For versions prior to 1.0.12, update to version 1.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/admin/config/save` endpoint until a patch is available. Avoid using the fields `siteTitle`, `siteIco`, and `siteLogo` in the affected endpoint until the issue is resolved.

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.

**Name of the Vulnerable Software and Affected Versions** cifs-utils versions through 6.14 **Description** The issue is related to a stack-based buffer overflow when parsing the `mount.cifs` `ip=` command-line argument, which could allow local attackers to gain root privileges. This is a result of a buffer overflow in memory. **Recommendations** For versions through 6.14, consider restricting the use of the `mount.cifs` command with the `ip=` argument until a patch is available. As a temporary workaround, avoid using the `ip=` command-line argument in `mount.cifs` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cifs-utils versions through 6.14 **Description** The issue is related to an information leak when a file contains `=` (equal sign) characters but is not a valid credentials file, particularly with verbose logging enabled. This can potentially allow a remote attacker to disclose protected information. **Recommendations** For versions through 6.14, consider disabling verbose logging as a temporary workaround until a patch is available. Restrict access to files that may contain `=` characters to minimize the risk of exploitation. Avoid using files with `=` characters in their content for credential purposes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synaman versions 5.1 and below **Description** The issue is related to weak file permissions, allowing authenticated attackers to escalate privileges. **Recommendations** For Synaman versions 5.1 and below, update to a version above 5.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synaman versions 5.1 and below **Description** The HTTP interface was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. **Recommendations** For versions 5.1 and below, update to a version above 5.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.