Msiddiqu

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A stack-buffer-overflow was found in the NVME component of QEMU. The issue lies in the `nvme changed nslist()` function, where a malicious guest controlling certain input can read out of bounds memory. This could lead to the disclosure of sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL (affected versions not specified) **Description** The issue is related to a flaw in PostgreSQL that allows an attacker to read arbitrary bytes of server memory using a specially crafted query. In the default configuration, any authenticated database user can exploit this issue at will, without needing the ability to create objects. The attack's feasibility may be affected by server settings, such as max worker processes=0, but undiscovered variants of the attack may not be dependent on this setting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux (affected versions not specified) **Description** The issue is related to the RPM package manager in Red Hat Enterprise Linux, where there is an incorrect link resolution before accessing a file. This can allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux (affected versions not specified) **Description** The issue is caused by a race condition in the RPM package manager of Red Hat Enterprise Linux operating systems. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPM (affected versions not specified) **Description** A flaw was found in RPM's hdrblobInit() function in lib/header.c, which allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw in Privoxy can cause memory leaks in the show-status CGI handler when memory allocations fail, potentially leading to a system crash. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the show-status CGI handler until a patch is available.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw was found in Privoxy. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider disabling the client-tags CGI handler until a patch is available. Restrict access to the client-tags configuration to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A memory leak in the show-status CGI handler can occur when no filter files are configured, potentially leading to a system crash. This issue affects Privoxy and can be exploited by attackers to cause a system crash. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider configuring filter files to prevent the memory leak in the show-status CGI handler.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw was found in Privoxy that causes a memory leak when client tags are active, potentially leading to a system crash. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw in Privoxy causes a memory leak when multiple filters are executed and the last one is skipped due to a pcre error, leading to a system crash. This issue allows attackers to cause the system to crash. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider restricting the use of multiple filters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw was found that could result in a crash if accept-intercepted-requests was enabled. This occurs when Privoxy fails to get the request destination from the Host header and a memory allocation fails. Recommendations: For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider disabling the accept-intercepted-requests feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jackson-databind versions prior to 2.9.10.7 jackson-databind versions prior to 2.6.7.5 **Description** The issue is related to the jackson-databind library's handling of serialization gadgets and typing, which can lead to the restoration of untrusted data in memory. This can allow a remote attacker to execute arbitrary code, posing a threat to data confidentiality, integrity, and system availability. **Recommendations** For versions prior to 2.9.10.7, update to version 2.9.10.7 or later to resolve the issue. For versions prior to 2.6.7.5, update to version 2.6.7.5 or later to resolve the issue. As a temporary workaround, consider restricting the interaction between serialization gadgets and typing to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JBoss EAP version 6.4.21 **Description** The issue is related to JBoss EAP not parsing the field-name according to RFC7230, resulting in a 200 response instead of a 400 response. **Recommendations** For JBoss EAP version 6.4.21, consider updating to a version that adheres to RFC7230 parsing standards to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.29 **Description** A memory leak issue was found in the show-status CGI handler when no action files are configured. This issue can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 3.0.29, update to version 3.0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the show-status CGI handler until a patch is available.

**Name of the Vulnerable Software and Affected Versions** cifs-utils (affected versions not specified) **Description** The issue is related to the mount.cifs command in cifs-utils, which invokes a shell when requesting the Samba password. This could allow an attacker to inject arbitrary commands, potentially leading to privilege escalation if the command is invoked with special permissions, such as via sudo rules. The vulnerability is also associated with a lack of input sanitization, which could enable an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** evolution-ews versions prior to 3.31.3 **Description** The issue allows an attacker to potentially obtain confidential information by tricking a user into connecting to a fake server, as the software does not properly validate SSL certificates. **Recommendations** For versions prior to 3.31.3, update to version 3.31.3 or later to resolve the issue.