Josselin Mouette

**Name of the Vulnerable Software and Affected Versions** Ocsinventory-Agent versions prior to 0.0.9.3 Ocsinventory-Agent versions 1.x prior to 1.0.1 **Description** The issue allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. Multiple vulnerabilities in the ocsinventory-agent package may lead to disruption of confidentiality, integrity, and availability of protected information, potentially exploitable by a local attacker. **Recommendations** For Ocsinventory-Agent versions prior to 0.0.9.3, update to version 0.0.9.3 or later. For Ocsinventory-Agent versions 1.x prior to 1.0.1, update to version 1.0.1 or later.

Name of the Vulnerable Software and Affected Versions: libsoup HTTP library versions prior to 2.2.99 Description: The issue allows remote attackers to cause a denial of service, potentially leading to disruption of protected information. This can be achieved through the exploitation of malformed HTTP headers, likely involving missing fields or values. The `soup headers parse` function in `soup-headers.c` is specifically affected. Recommendations: For versions prior to 2.2.99, update to version 2.2.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the `soup headers parse` function until a patch is available.