Rahul Hoysala

#14093 of 53,633
19.1 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2026-33850
9.1
2026-04-20
Glibc · Glibc · CVE-2026-5358
**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.44

**Description** The obsolete `nis_local_principal()` function may overflow a buffer in the data section. This allows an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application. NIS (Network Information Service) is a legacy system for distributing configuration data across a network.

**Recommendations** Update to a version newer than 2.43. Port applications away from NIS to more modern identity and access management services.
PT-2025-33730
10
2025-08-19
Unknown · Saurus Cms Community Edition · CVE-2025-50567
Name of the Vulnerable Software and Affected Versions: Saurus CMS Community Edition version 4.7.1

Description: Saurus CMS Community Edition 4.7.1 contains an issue in the custom `DB::prepare()` function. The function utilizes `preg_replace()` with the deprecated `/e` (eval) modifier for SQL query parameter interpolation, allowing injection of user-controlled SQL statements. This could potentially lead to arbitrary PHP code execution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.