Setharnold

**Name of the Vulnerable Software and Affected Versions** cloud-init versions prior to 19.4 **Description** The issue is related to the `rand user password` function in `cloudinit/config/cc set passwords.py`, which has a small default password length (`pwlen` value). This makes it easier for attackers to guess passwords. **Recommendations** For versions prior to 19.4, consider increasing the default password length to make it more difficult for attackers to guess passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: systemd version 242 Description: The issue allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. Recommendations: For systemd version 242, consider updating to a newer version that handles the KDGKBMODE check correctly to prevent the exposure of cleartext passwords. As a temporary workaround, restrict access to the system during shutdown or when switching between terminals using Ctrl-Alt-F1 and Ctrl-Alt-F2 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.3.0 **Description** An issue was discovered in the mj2/opj mj2 extract.c file. The output prefix was not checked for length, which could cause a buffer overflow when a prefix with 50 or more characters is provided on the command line. **Recommendations** For OpenJPEG version 2.3.0, consider restricting the length of the output prefix to prevent buffer overflow until a patch is available.

**Name of the Vulnerable Software and Affected Versions** xrdp version 0.9.1 **Description** The issue arises from `xrdp` calling the PAM function `auth start session()` in an incorrect location. This leads to PAM session modules not being properly initialized, which can result in incorrect configurations or elevation of privileges. Specifically, this can bypass `pam limits.so`. **Recommendations** For xrdp version 0.9.1, consider updating to a newer version that correctly initializes PAM session modules to prevent potential elevation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.