Smartkeyss

Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 1.26.19 urllib3 versions prior to 2.2.2 Description: The issue is related to the handling of the `Proxy-Authorization` header in urllib3, a Python HTTP client library. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header, which won't have any effect but can still be sent on cross-origin redirects. This can potentially allow a remote attacker to obtain sensitive information. The severity of this issue is considered low for almost all users, as it requires specific conditions to be exploited: setting the `Proxy-Authorization` header without using urllib3's built-in proxy support, not disabling HTTP redirects, and either not using an HTTPS origin server or redirecting to a malicious origin. Recommendations: Update to version 1.26.19 or version 2.2.2 to resolve the issue. For versions prior to 1.26.19, use the `Proxy-Authorization` header with urllib3's `ProxyManager` as a mitigation. For versions prior to 2.2.2, disable HTTP redirects using `redirects=False` when sending requests as a mitigation. Alternatively, do not use the `Proxy-Authorization` header as a mitigation for versions prior to 1.26.19 and 2.2.2.

**Name of the Vulnerable Software and Affected Versions** NLTK versions 3.8.1 and earlier **Description** The issue is related to the nltk.download() function in the NLTK library, which can lead to remote code execution when untrusted packages containing pickled Python code are downloaded. This particularly affects the averaged perceptron tagger and punkt packages. The exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For NLTK versions 3.8.1 and earlier, as a temporary workaround, consider disabling the integrated data package download functionality until a patch is available. Restrict access to untrusted packages to minimize the risk of exploitation. Avoid using the nltk.download() function for packages that may contain pickled Python code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libcurl (affected versions not specified) **Description** The issue is related to the implementation of TLS protocols in libcurl, where the server certificate is not checked when connecting to a host specified as an IP address, when built to use mbedTLS. This affects all uses of TLS protocols, including HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc. The vulnerability can be exploited by a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PuTTY versions 0.68 through 0.80 FileZilla versions 3.24.1 through 3.66.5 WinSCP versions 5.9.5 through 6.3.2 TortoiseGit versions 2.4.0.2 through 2.15.0 TortoiseSVN versions 1.10.0 through 1.14.6 **Description** The issue is related to biased ECDSA nonce generation in PuTTY, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in scenarios where an adversary can read messages signed by PuTTY or Pageant, such as when messages are stored in a public Git service that supports SSH for commit signing. The vulnerability can be exploited to compromise private keys, potentially leading to unauthorized access to servers and services. In some cases, this could enable supply-chain attacks on software maintained in Git. **Recommendations** For PuTTY versions 0.68 through 0.80, update to version 0.81 or later to fix the security issue. For FileZilla versions 3.24.1 through 3.66.5, update to version 3.67.0 or later. For WinSCP versions 5.9.5 through 6.3.2, update to version 6.3.3 or later. For TortoiseGit versions 2.4.0.2 through 2.15.0, update to version 2.15.0.1 or later. For TortoiseSVN versions 1.10.0 through 1.14.6, apply the available workaround or wait for a patch.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 120.0.6099.224 **Description** The issue is related to an out-of-bounds write in the V8 JavaScript engine, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. Technical details and proof-of-concept have emerged, indicating that threat actors could exploit this flaw to achieve remote code execution. **Recommendations** For Google Chrome versions prior to 120.0.6099.224, update to version 120.0.6099.224 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable API endpoints or disabling the use of the V8 JavaScript engine until a patch is applied. However, the most effective resolution is to update the browser to the latest version.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.187 libwebp versions prior to 1.3.2 Firefox versions prior to 117.0.1+build2-0ubuntu0.20.04.1 **Description** A heap-based buffer overflow exists in the libwebp library used for encoding and decoding WebP images. This issue occurs during image decoding when a maliciously crafted WebP image or HTML page causes an out-of-bounds memory write. This can lead to a denial of service, application crashes, or the execution of arbitrary code by a remote attacker. The library is integrated into millions of applications, including container images for Wordpress, Nginx, and Python, which have seen over 5 billion downloads. There are reports of this issue being exploited by Pegasus in an Apple framework for reading and writing images. **Recommendations** Update to version 116.0.5845.187 or later. Update to version 1.3.2 or later. Update to version 117.0.1+build2-0ubuntu0.20.04.1 or later.

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 9.6p1-alt2, 7.9p1-alt4.gost.p10.1, and 8.9p1.202310-alt3. Description: A signal handler race condition exists in OpenSSH's server (sshd) when a client does not authenticate within the LoginGraceTime seconds. This can lead to the execution of arbitrary code with root privileges. The issue is a regression of CVE-2006-5051 and affects systems where the signal handler calls functions that are not async-signal-safe, such as syslog(). The vulnerability also includes a remote code execution issue in ssh-agent when using PKCS#11 support (CVE-2023-38408) and a file descriptor leak in runC (CVE-2024-21626). Recommendations: Upgrade OpenSSH to version 9.6p1-alt2 or later. Upgrade openquantumsafe-openssh to version 8.9p1.202310-alt3 or later. Upgrade openssh-gostcrypto to version 7.9p1-alt4.gost.p10.1 or later. Upgrade runC to the latest version to address the file descriptor leak.