Sam James

**Name of the Vulnerable Software and Affected Versions** Hyprland versions through 0.39.1 **Description** A local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file through a race condition in plugins/HookSystem.cpp. This issue allows for the execution of arbitrary assembly code. **Recommendations** For Hyprland versions through 0.39.1, update to a version after 28c8561 to resolve the issue. As a temporary workaround, consider restricting access to the temporary files used by the HookSystem to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Bison versions prior to 3.5.4 **Description** The issue allows attackers to cause a denial of service, resulting in an application crash. This can occur when GNU Bison is used with untrusted input and a specific bug happens to cause unsafe behavior with a certain compiler or architecture. The bug reports indicate that the crash may occur in Bison itself. **Recommendations** For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of untrusted input with GNU Bison until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mutt versions prior to 1.14.3 **Description** The issue is related to incorrect certificate authentication. It may allow a remote attacker to perform a man-in-the-middle attack. If a user rejects an expired intermediate certificate in response to a GnuTLS certificate prompt, Mutt proceeds with the connection anyway. **Recommendations** For versions prior to 1.14.3, update to version 1.14.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caddy versions prior to 0.10.13 **Description** The issue is related to the mishandling of TLS client authentication. This is caused by the lack of the StrictHostMatching mode, allowing an attacker to bypass TLS client authentication. An attacker may indicate an SNI during the TLS handshake that is different from the name in the HTTP Host header, which can lead to an authentication bypass. **Recommendations** For versions prior to 0.10.13, update to version 0.10.13 or later to resolve the issue. As a temporary workaround, consider enabling the StrictHostMatching mode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pound versions prior to 2.8 **Description** The issue allows HTTP request smuggling, which is related to other security concerns. **Recommendations** For versions prior to 2.8, update to version 2.8 or later to resolve the issue.