Matthew Daley

**Name of the Vulnerable Software and Affected Versions** T Series readers versions prior to v8.20.200221b T Series readers versions prior to vGR8.10.179 T Series readers versions prior to vGR8.00.165 T Series readers versions prior to vGR7.90.165 T Series readers version v7.80 or earlier **Description** It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. **Recommendations** For versions prior to v8.20.200221b, update to v8.20.200221b or later. For versions prior to vGR8.10.179, update to vGR8.10.179 or later. For versions prior to vGR8.00.165, update to vGR8.00.165 or later. For versions prior to vGR7.90.165, update to vGR7.90.165 or later. For version v7.80 or earlier, update to a version later than v7.80.

**Name of the Vulnerable Software and Affected Versions** Xen versions prior to 4.12 **Description** An issue in Xen allows 64-bit PV guest OS users to cause a denial of service, resulting in a host OS crash. This occurs because a non-canonical address can be passed to the TLB flushing code, leading to a #GP[0] exception. The issue exists due to an incorrect mitigation of a previous problem. **Recommendations** For Xen versions prior to 4.12, update to version 4.12 or later to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Horde Ldap library versions prior to 2.0.6 **Description** The issue allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Codestyling Localization plugin versions 1.99.30 and earlier **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Codestyling Localization plugin versions 1.99.30 and earlier, update to a version later than 1.99.30 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Xen versions 4.5.x through 4.9.x **Description** An issue was discovered in the ` gnttab cache flush` function, which handles GNTTABOP cache flush grant table operations. The function checks if the calling domain is the owner of the page to be operated on and if a grant mapping exists in the owner's grant table. However, it does not verify if the owning domain has a grant table. Special domains like `DOMID XEN`, `DOMID IO`, and `DOMID COW` are created without grant tables, leading to a NULL pointer dereference when ` gnttab cache flush` operates on a page owned by these domains. **Recommendations** For Xen versions 4.5.x through 4.9.x, consider disabling the ` gnttab cache flush` function as a temporary workaround until a patch is available. Restrict access to pages owned by special domains like `DOMID XEN`, `DOMID IO`, and `DOMID COW` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phpMyBackupPro versions 2.5 and earlier **Description** The issue allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file, due to improper sanitization of input strings. **Recommendations** For phpMyBackupPro versions 2.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyBackupPro versions prior to 2.5 **Description** The issue allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the `path`, `filename`, and `period` parameters to "scheduled.php", and making requests to injected scripts. Additionally, it is possible to inject PHP into a PHP configuration variable via a PHP variable variable. **Recommendations** For versions prior to 2.5, as a temporary workaround, consider restricting access to the "scheduled.php" endpoint and avoid using the `path`, `filename`, and `period` parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache OpenMeetings versions prior to 3.1.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `swf` parameter in the SWF panel. **Recommendations** For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SWF panel to minimize the risk of exploitation. Avoid using the `swf` parameter in the affected panel until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** requests versions 2.1.0 through 2.5.3 **Description** The issue allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. This is due to a problem in the `resolve redirects` function in sessions.py. **Recommendations** For requests versions 2.1.0 through 2.5.3, consider updating to a version where this issue is fixed, as the current version allows session fixation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.23 **Description** The issue allows remote attackers to cause a denial of service, resulting in an abort, by sending a crafted chunk-encoded body. **Recommendations** For versions prior to 3.0.23, update to version 3.0.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.23 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid read and crash, through vectors related to an HTTP time header. **Recommendations** For versions prior to 3.0.23, update to version 3.0.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Monkey HTTP Server versions prior to 1.5.3 **Description** The issue allows remote attackers to cause a denial of service by consuming file descriptors via an HTTP request that triggers an error message, when the File Descriptor Table (FDT) is enabled and custom error messages are set. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue. As a temporary workaround, consider disabling the File Descriptor Table (FDT) or custom error messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TeamPass versions prior to 2.1.20 **Description** The issue allows remote attackers to execute arbitrary SQL commands via several parameters, including the `login` parameter in `send pw by email` or `generate new password` actions, `iDisplayStart` and `iDisplayLength` parameters to files in `datatable/`, or the `sSortDir ` parameter to files in `datatable/` for remote authenticated users. **Recommendations** For versions prior to 2.1.20, update to version 2.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sources/main.queries.php` and files in `source/datatable/` to minimize the risk of exploitation. Avoid using the `login`, `iDisplayStart`, `iDisplayLength`, and `sSortDir ` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TeamPass versions prior to 2.1.20 **Description** The issue allows remote attackers to bypass access restrictions. This can be achieved via the language file path in a request to "index.php" or a "change user language" request to "sources/main.queries.php". **Recommendations** For versions prior to 2.1.20, update to version 2.1.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TeamPass versions prior to 2.1.20 **Description** The issue allows remote attackers to bypass access restrictions. This can be achieved by sending a request to "index.php" followed by a direct request to a file that calls the `session start()` function before checking the `CPM` key. An example of such a request is a call to "sources/upload/upload.files.php". **Recommendations** For versions prior to 2.1.20, update to version 2.1.20 or later to resolve the issue. As a temporary workaround, consider restricting direct access to files that call the `session start()` function before verifying the `CPM` key.

**Name of the Vulnerable Software and Affected Versions** TeamPass versions prior to 2.1.20 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `group` parameter, which is not properly handled in a (1) `hid cat` or (2) `open folder` form element, or (3) `id` parameter, which is not properly handled in the `open id` form element. This occurs in the `items.php` file. **Recommendations** For versions prior to 2.1.20, update to version 2.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `items.php` file or disabling the `hid cat`, `open folder`, and `open id` form elements until a patch is available. Avoid using the `group` and `id` parameters in the affected form elements until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions 1.2.103 and earlier **Description** The issue concerns the cherokee validator ldap check function in validator ldap.c. When LDAP is used, it does not properly consider unauthenticated-bind semantics. This allows remote attackers to bypass authentication by using an empty password. **Recommendations** For Cherokee versions 1.2.103 and earlier, consider disabling the LDAP authentication mechanism until a patch is available. Restrict access to the cherokee validator ldap check function to minimize the risk of exploitation. Avoid using empty passwords in the affected LDAP configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 3.14.3 **Description** The issue is related to the raw cmd copyout function in drivers/block/floppy.c, which does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call. This allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. The problem is due to a lack of input sanitization in the FDRAWCMD ioctl system call, which can lead to information leakage and potentially elevate privileges. **Recommendations** For Linux kernel versions through 3.14.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.

Multiple integer overflows in the (1) FLASK GETBOOL, (2) FLASK SETBOOL, (3) FLASK USER, and (4) FLASK CONTEXT TO SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.