Lion

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds write vulnerability in the Linux kernel's net/sched: sch qfq component. This vulnerability can be exploited to achieve local privilege escalation. The `qfq change agg()` function in net/sched/sch qfq.c allows an out-of-bounds write because `lmax` is updated according to packet sizes without bounds checks. **Recommendations** Upgrade past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `qfq change agg()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Telerik Fiddler versions prior to 5.0.20204 **Description** The issue allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. **Recommendations** For versions prior to 5.0.20204, update to version 5.0.20204 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Open On Browser option for hostnames with suspicious characters. Restrict access to locally installed programs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Titan FTP versions 3.21 and earlier **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service (crash) via a long FTP command, such as `CWD`, `STAT`, or `LIST`. **Recommendations** For versions 3.21 and earlier, update to a version later than 3.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WFTPD Pro Server version 3.21 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a crash, by sending a series of long MLIST commands. **Recommendations** For WFTPD Pro Server version 3.21, consider restricting access to the MLIST command as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WS FTP version 5.0.2 **Description** The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a CD command with an invalid path containing a "../" sequence. **Recommendations** For WS FTP version 5.0.2, consider restricting access to the CD command or validating the paths provided in the CD command to prevent CPU consumption. As a temporary workaround, restrict the use of the CD command with "../" sequences until a patch is available.