Pierre-Yves Rofes

Name of the Vulnerable Software and Affected Versions: Opera versions prior to 9.52 Description: The issue concerns Opera not checking the CRL override when encountering a certificate that lacks a CRL. The impact and attack vectors of this issue are unknown. It was included in a security section of the advisory by the vendor, although it is not clear whether it is a vulnerability. Recommendations: For Opera versions prior to 9.52, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions prior to 1.0.5 **Description** The issue allows remote attackers to read files and list folders under the hidden CVSROOT folder due to insufficient access control. This occurs because sensitive information is stored under the web root. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions prior to 1.0.5 **Description** The issue allows remote attackers to obtain sensitive information by reading forbidden pathnames, log history, or diff view path parameters without proper access checks. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** zsh version 4.3.4 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files created by Util/difflog.pl in zsh. **Recommendations** For zsh version 4.3.4, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict access to the Util/difflog.pl script to minimize the risk of exploitation.