Msmeissn

**Name of the Vulnerable Software and Affected Versions** Hashicorp go-getter library versions prior to 1.5.11 **Description** The issue concerns the Hashicorp go-getter library, where SSH credentials could be written into its logfile. This exposes sensitive credentials to local users who have the ability to read the logfile. **Recommendations** For versions prior to 1.5.11, update to version 1.5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the logfile to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libexif (affected versions not specified) Android versions Android-10 **Description** The issue is caused by an integer overflow in the libexif library, which is used for parsing EXIF files. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability may lead to remote escalation of privilege in the media content provider. User interaction is required for exploitation. **Recommendations** For libexif, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Android versions Android-10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsndfile version 1.0.28 **Description** The issue is related to a buffer over-read in the `i2ulaw array` function, which can lead to a denial of service. This can be exploited by a remote attacker to cause a service disruption. The `i2ulaw array` function in the ulaw.c file is specifically affected. **Recommendations** For libsndfile version 1.0.28, consider disabling the `i2ulaw array` function as a temporary workaround until a patch is available. Restrict access to the ulaw.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsndfile versions 1.0.28 **Description** The issue is related to a buffer over-read in the `i2alaw array` function, which can lead to a denial of service. This can potentially allow a remote attacker to access confidential information or cause a service disruption. The `i2ulaw array` function is also mentioned as being related to a buffer data boundary issue, which can be exploited by a remote attacker. **Recommendations** For libsndfile version 1.0.28, consider disabling the `i2alaw array` function as a temporary workaround until a patch is available. Restrict access to the vulnerable `alaw.c` module to minimize the risk of exploitation. Avoid using the `i2ulaw array` function in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SaltStack Salt versions 2016.11 through 2016.11.3 **Description** The issue concerns the salt-ssh minion code, which copies configuration from the Salt Master without adjusting permissions. This might lead to credentials being leaked to local attackers on configured minions. **Recommendations** For SaltStack Salt versions 2016.11 through 2016.11.3, update to version 2016.11.4 or later to resolve the issue.