Ryan

**Name of the Vulnerable Software and Affected Versions** FreeBSD (affected versions not specified) **Description** The `ptrace(PT SC REMOTE)` function failed to properly validate parameters for the `syscall(2)` and ` syscall(2)` meta-system calls. This allows a user with debugging capabilities to trigger arbitrary code execution in the kernel, regardless of the target process's privileges. An unprivileged local user can exploit this to escalate privileges and potentially gain full control of the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a `poll(2)` or `select(2)` call waiting for that descriptor. Since the blocked thread does not hold a reference to the underlying object, the object may be freed while the thread remains blocked. The kernel fails to unlink blocked threads from the per-object wait queue for certain file descriptor types before freeing the object. Consequently, when the blocked thread wakes up, it accesses memory that has already been freed. This can be triggered by an unprivileged local user to obtain superuser privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 14.x **Description** A stack buffer overflow exists in the `setcred(2)` system call. The issue occurs because a user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer before the privilege level of the caller is verified and without validating the length of the list. An unprivileged local user can trigger this overflow, potentially allowing the execution of arbitrary code within the kernel context to gain elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 18.12.17 **Description** The issue is related to improper control of code generation, allowing for code injection, and also involves cross-site request forgery (CSRF) and improper neutralization of special elements used in a template engine. This could potentially enable a remote attacker to perform a server-side request forgery (SSRF) attack. **Recommendations** For versions prior to 18.12.17, upgrade to version 18.12.17 to fix the issue. As a temporary workaround, consider restricting access to vulnerable components until the upgrade can be applied.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions prior to 10.9.2 **Description** The issue is caused by errors in resource locking in the ds compress.cc component of the MariaDB database management system. Exploitation of this issue can allow an attacker to cause a denial of service. Local users can trigger a deadlock when compress write in extra/mariabackup/ds compress.cc fails to release data mutex upon a stream write failure. **Recommendations** For versions prior to 10.9.2, update to version 10.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `compress write` function in `ds compress.cc` to minimize the risk of exploitation. Avoid using the `data mutex` variable in the affected `compress write` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress plugin versions prior to 6.9 **Description** The issue concerns the Content text slider on post WordPress plugin, where the Title and Message/Content settings are not properly sanitised and escaped, potentially leading to Cross-Site Scripting issues. **Recommendations** For versions prior to 6.9, update to version 6.9 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.26 and prior Description: A vulnerability in the MySQL Server product allows a highly privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of the MySQL Server, leading to a denial of service. Recommendations: For versions 8.0.26 and prior, update to a version later than 8.0.26 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 51.0.2704.63 Opera (affected versions not specified) **Description** The issue is related to the deletion of HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. This occurs in the browser/browsing data/browsing data remover.cc component. **Recommendations** For Google Chrome versions prior to 51.0.2704.63, update to version 51.0.2704.63 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.0.2 **Description** A cross-site scripting issue exists due to improper handling of a plugin's author field during the Delete Plugin action. This could allow remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/plugins.php page until the update is applied. Avoid using the author field in plugins until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wordpress versions prior to 2.8.3 **Description** The issue allows remote attackers to make unauthorized edits or additions by sending a direct request to certain API endpoints, including "edit-comments.php", "edit-pages.php", "edit.php", "edit-category-form.php", "edit-link-category-form.php", "edit-tag-form.php", "export.php", "import.php", or "link-add.php" in the wp-admin directory. **Recommendations** For Wordpress versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue.