Mike Davis

**Name of the Vulnerable Software and Affected Versions** Digital Alert Systems DASDEC EAS device versions prior to 2.0-2 Monroe Electronics R189 One-Net EAS device versions prior to 2.0-2 **Description** The default configuration of the affected devices contains a known SSH private key, allowing remote attackers to obtain root access and spoof alerts via an SSH session. **Recommendations** For Digital Alert Systems DASDEC EAS device versions prior to 2.0-2, update to version 2.0-2 or later to resolve the issue. For Monroe Electronics R189 One-Net EAS device versions prior to 2.0-2, update to version 2.0-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libcairo (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a persistent client crash. This can be achieved by sending an attached text file with "Content-Disposition: inline" in the header and a very long line in the body. The client will repeatedly crash until the e-mail message is manually removed. The cause might be related to a buffer overflow, as demonstrated using an XML attachment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.