Jvoisin

**Name of the Vulnerable Software and Affected Versions** RaspAP (aka raspap-webgui) versions 3.0.9 and earlier **Description** The issue allows remote attackers to cause a persistent denial of service, potentially leading to device bricking, via a crafted request. **Recommendations** For RaspAP (aka raspap-webgui) versions 3.0.9 and earlier, as a temporary workaround, consider restricting access to the web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AdGuard versions prior to 0.105.2 Description: An issue was discovered where an attacker who obtains a user's cookie can bruteforce their password offline. This is possible because the hash of the password is stored in the cookie. Recommendations: For versions prior to 0.105.2, update to version 0.105.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that use the stored password hash until a patch is applied. Avoid using the application with sensitive accounts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Calibre-Web version 0.6.6 **Description** The issue allows authentication bypass due to a hardcoded secret key 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'. **Recommendations** For Calibre-Web version 0.6.6, update the secret key to a unique and secure value to prevent authentication bypass. As a temporary workaround, consider restricting access to the application until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Shaarli (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the URL to specific functions such as `showRSS`, `showATOM`, or `showDailyRSS`, a file name to the `importFile` function, or through vectors related to bookmarks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chkrootkit versions prior to 0.50 **Description** The issue arises from the slapper function in chkrootkit, which fails to properly quote file paths. This allows local users to execute arbitrary code via a Trojan horse executable, but only when /tmp is not mounted with the noexec option. **Recommendations** For versions prior to 0.50, update to version 0.50 or later to resolve the issue. As a temporary workaround, consider mounting /tmp with the noexec option to minimize the risk of exploitation.