Matthias Gerstner

**Name of the Vulnerable Software and Affected Versions** malcontent version 0.14.0 **Description** A D-Bus method `RecordUsage()` in malcontent-timerd allows arbitrary system users to exhaust disk space in the `/var/lib/malcontent-timerd` directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cosmic-greeter versions prior to https://github.Com/pop-os/cosmic-greeter/pull/426 **Description** A Time-of-check Time-of-use (TOCTOU) race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should have been dropped and exploit vulnerabilities in the checking logic. **Recommendations** Update cosmic-greeter to a version after https://github.Com/pop-os/cosmic-greeter/pull/426.

**Name of the Vulnerable Software and Affected Versions** Anthropic Git MCP server (affected versions not specified) **Description** The Anthropic Git MCP server contains an argument injection flaw that allows for Remote Code Execution (RCE). The issue was identified in Anthropic’s own implementation of the Git MCP server. The potential impact extends to numerous community-run MCP servers that may lack security audits. The flaw allows an attacker to inject arguments, potentially leading to the execution of arbitrary code on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE sdbootutil versions prior to 5880246d3a02642dc68f5c8cb474bf63cdb56bca **Description** An insecure temporary file issue exists in openSUSE sdbootutil. A local user can pre-create a directory, potentially gaining access to private information located in `/var/lib/pcrlock.d`, manipulating data backed up in `/tmp/pcrlock.d.bak`, and overwriting protected system files with data from `/var/lib/pcrlock.d` by placing symlinks in `/tmp/pcrlock.d.bak`. This can violate data integrity if the backed-up data is restored. **Recommendations** Update openSUSE sdbootutil to a version after 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

**Name of the Vulnerable Software and Affected Versions** Polkit versions prior to 0.69.0 **Description** A race condition exists in the Polkit authorization check. This issue, present in versions before 0.69.0, can lead to similar problems as those described in CVE-2025-66005. Polkit authentication is disabled by default. **Recommendations** Update to version 0.69.0 or later.

**Name of the Vulnerable Software and Affected Versions** Foomuuri versions prior to 0.27-2+deb13u1 Foomuuri versions prior to 0.31 **Description** An Improper Neutralization of Argument Delimiters issue exists in Foomuuri, potentially leading to integrity loss of the firewall configuration or other unspecified impacts. This occurs through manipulation of the JSON configuration passed to `nft`. The issue is triggered by a crafted `interface` input parameter. **Recommendations** Upgrade Foomuuri packages to version 0.27-2+deb13u1. For versions prior to 0.31, upgrade to a later version.

**Name of the Vulnerable Software and Affected Versions** Foomuuri versions prior to 0.31 Foomuuri version 0.27-2+deb13u1 **Description** An improper authorization issue in Foomuuri allows unauthorized users to modify the firewall configuration. This could lead to tampering of the firewall configuration. **Recommendations** Upgrade Foomuuri to version 0.27-2+deb13u1. For versions prior to 0.31, upgrade to a later version.

**Name of the Vulnerable Software and Affected Versions** InputPlumber versions prior to 0.63.0 **Description** A missing authorization check in the InputManager D-Bus interface of InputPlumber can result in local Denial-of-Service, information disclosure, or potential privilege escalation within the context of the active user session. **Recommendations** Update InputPlumber to version 0.63.0 or later.

**Name of the Vulnerable Software and Affected Versions** lightdm-kde-greeter versions prior to 6.0.4 **Description** An issue exists in lightdm-kde-greeter that allows for privilege escalation from the service user to root. This is due to execution with unnecessary privileges. **Recommendations** Update lightdm-kde-greeter to version 6.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSMTPD (affected versions not specified) **Description** The software is susceptible to a denial-of-service condition through the use of a UNIX domain socket. The issue involves a potential for disruption of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exim versions prior to 4.98.2-lp156.248.1 **Description** A flaw exists in the exim package related to a UNIX Symbolic Link (Symlink) Following vulnerability within the logrotate configuration. This issue allows for privilege escalation from the mail user/group to root. **Recommendations** Update to exim version 4.98.2-lp156.248.1 or later.

**Name of the Vulnerable Software and Affected Versions** mailman3 versions prior to 3.3.10-2.1 **Description** A reliance on untrusted inputs in a security decision within the logrotate configuration allows for potential escalation from mailman to root. **Recommendations** Update mailman3 to version 3.3.10-2.1 or later.

**Name of the Vulnerable Software and Affected Versions** sslh versions prior to 2.2.4 **Description** A Use of Out-of-range Pointer Offset issue in sslh leads to denial of service on some architectures. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** sslh versions prior to 2.2.4 **Description** A resource allocation issue without limits or throttling in sslh allows attackers to exhaust file descriptors, denying service to legitimate users. This issue can be exploited to impact user service through resource exhaustion attacks. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider implementing measures to limit resource allocation and prevent exhaustion attacks.

**Name of the Vulnerable Software and Affected Versions** Screen versions 5.0.0 **Description** The issue is related to the `logfile reopen()` function in the GNU screen terminal multiplexer. When Screen runs with setuid-root privileges, it does not drop privileges while operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership, and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing escalation to root privileges. **Recommendations** For version 5.0.0, update to version 5.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the `logfile reopen()` function until a patch is available. Restrict access to the Screen PTY to minimize the risk of exploitation. Avoid using the `logfile reopen()` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Screen (affected versions not specified) **Description** The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, allowing anyone to write to any Screen PTYs in the system. This change in mode allows for escalation of privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cyrus-imapd versions prior to 3.8.4-2.1 **Description** A UNIX Symbolic Link (Symlink) Following issue in cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed. **Recommendations** For versions prior to 3.8.4-2.1, update to version 3.8.4-2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cyrus-imapd service until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Below versions prior to 0.9.0 **Description** A flaw exists in the Below service that allows for privilege escalation. This is due to the creation of a world-writable directory located at `/var/log/below`. Local, unprivileged users could exploit this by using symlink attacks to manipulate critical system files, such as `/etc/shadow`, and gain root privileges. The vulnerability is related to incorrect permission assignments for a critical resource. **Recommendations** Versions prior to 0.9.0 should be updated to version 0.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** screen (affected versions not specified) **Description** The issue allows any user on the system to connect to the screen session for a short time, as the PTY is set to mode 666. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Debian Linux (affected versions not specified) Description: The issue concerns file existence tests via socket lookup error messages, potentially affecting the screen package in Debian Linux. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.