Mindless

**Name of the Vulnerable Software and Affected Versions** dnsmasq (affected versions not specified) **Description** The `extract name()` function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS cache entries, potentially redirecting DNS lookups to an attacker-controlled IP address or causing a Denial of Service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VTiger CRM versions <= 8.1.0 **Description** The issue arises from improper sanitization of user input before it is used in a SQL statement, leading to a SQL Injection in the `CompanyDetails` operation of the `MailManager` module. **Recommendations** For VTiger CRM versions <= 8.1.0, update to a version higher than 8.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the `MailManager` module to minimize the risk of exploitation. Avoid using the `CompanyDetails` operation until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VTiger CRM versions <= 8.1.0 **Description** The issue concerns incorrect user privilege checking, allowing a low-privileged user to interact directly with the "Migration" administrative module. This enables the user to disable arbitrary modules. **Recommendations** For VTiger CRM versions <= 8.1.0, update to a version that includes the necessary privilege checks to prevent low-privileged users from accessing the "Migration" administrative module. As a temporary workaround, consider restricting access to the "Migration" module to minimize the risk of exploitation.