Sebastian Pipping

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.6 **Description** The software uses insufficient entropy, which allows hash flooding to occur through a specially crafted XML document. Hash flooding is a technique where many different inputs are designed to produce the same hash value, causing a collision that degrades the performance of hash tables. **Recommendations** Update to version 2.7.6.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.4 **Description** The `doContent` function in libexpat does not correctly calculate the buffer size `bufSize` when reallocating memory for tags, due to a missing integer overflow check. This can lead to potential issues with memory management. **Recommendations** Update libexpat to version 2.7.4 or later.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.5 **Description** The software contains a flaw where a NULL pointer dereference can occur within the `setContext` function when retrying an operation after a previous out-of-memory condition. **Recommendations** Update libexpat to version 2.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** please versions 0.5.4 and earlier **Description** The issue allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. This can be exploited when these ioctls are not disabled. The vulnerability affects both cases where root wants to drop privileges and when non-root wants to gain other privileges. **Recommendations** For please versions 0.5.4 and earlier, consider disabling the TIOCSTI and TIOCLINUX ioctls as a temporary workaround to prevent exploitation. Additionally, restrict the use of the please software until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: mysecureshell version 1.31 Description: The issue is related to a local information disclosure. Recommendations: For mysecureshell version 1.31, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MySecureShell version 1.31 Description: MySecureShell has a local denial of service issue. Recommendations: For MySecureShell version 1.31, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mpack version 1.6 **Description** The issue allows for information disclosure through eavesdropping on mails sent by other users. **Recommendations** For version 1.6, at the moment, there is no information about a newer version that contains a fix for this issue.