Orange

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.3.11.3 **Description** The issue is related to incorrect input validation in the Dovecot mail server. It can be exploited by a remote attacker who sends a specially formatted RPA request, leading to a crash in the authentication service. **Recommendations** For versions prior to 2.3.11.3, update to version 2.3.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPA request functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** resolve-path versions prior to 1.4.0 **Description** The issue arises from a lack of validation of paths containing certain special characters in the resolve-path node module, allowing a malicious user to read the content of any file with a known path. This is due to a path traversal vulnerability. Specifically, the relative path resolving in resolve-path suffers from a lack of file path sanitization for Windows-based paths. **Recommendations** Update to version 1.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 7.0.x through 7.0.26 PHP versions 7.1.x through 7.1.12 PHP versions 7.2.x through 7.2.0 **Description** The issue arises from inappropriately parsing an HTTP response, leading to a segmentation fault. This occurs because the `http header value` in ext/standard/http fopen wrapper.c can be a NULL value that is mishandled in an atoi call. The vulnerability is related to the `http header value` function and can be exploited by a remote attacker to cause a denial of service. **Recommendations** For PHP versions 7.0.x through 7.0.26, update to version 7.0.27 or later. For PHP versions 7.1.x through 7.1.12, update to version 7.1.13 or later. For PHP versions 7.2.x through 7.2.0, update to version 7.2.1 or later.