Racke

#20808 of 53,624
12.1 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2020-5770 · CVSS 4.3 · 2020-11-24
Sympa · Sympa · CVE-2020-29668

**Name of the Vulnerable Software and Affected Versions** Sympa versions prior to 6.2.59b.2

**Description** The issue is related to the `authenticateAndRun` function in the Sympa mailing list manager, which lacks proper cookie value validation. This allows a remote attacker to gain access to confidential data by sending any arbitrary string (except one from an expired cookie) as the cookie value to `authenticateAndRun`. This can provide full SOAP API access.

**Recommendations** For versions prior to 6.2.59b.2, update to version 6.2.59b.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `authenticateAndRun` function until a patch is available.

PT-2006-3579 · CVSS 7.8 · 2006-05-30
Courier · Courier MTA · CVE-2006-2659

**Name of the Vulnerable Software and Affected Versions** Courier MTA versions prior to 0.53.2

**Description** The issue allows attackers to cause a denial of service, specifically CPU consumption, by exploiting how usernames with the "=" character are handled during encoding.

**Recommendations** For versions prior to 0.53.2, update to version 0.53.2 or later to resolve the issue.