
Matthew Vernon

#21855 of 53,633
10.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2018-14565
4.3
2018-10-26
Prayer · Prayer · CVE-2018-18655
**Name of the Vulnerable Software and Affected Versions** Prayer versions 1.0 through 1.3.5

**Description** The issue arises when a user clicks on a link in their email, causing Prayer to send a Referer header that contains the user's username. This occurs because header.t lacks a no-referrer setting.

**Recommendations** For versions 1.0 through 1.3.5, consider adding a no-referrer setting to header.t to prevent the inclusion of the username in the Referer header.
PT-2014-1797
6.5
2014-03-18
Openssh · Openssh · CVE-2014-2653
**Name of the Vulnerable Software and Affected Versions** OpenSSH versions 6.6 and earlier

**Description** The issue allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. This can lead to a bypass of security restrictions. Exploitation of the vulnerability can be done remotely and may result in the disruption of confidentiality and integrity of protected information.

**Recommendations** For OpenSSH versions 6.6 and earlier, update to a version later than 6.6 to resolve the issue. As a temporary workaround, consider disabling the `verify host key` function until a patch is available. Restrict access to the SSH service to minimize the risk of exploitation. Avoid using the `HostCertificate` in the SSH connection process until the issue is resolved.