Vasyl Kaigorodov

**Name of the Vulnerable Software and Affected Versions** PHP versions 5.6.x through 5.6.0 **Description** The issue is related to a use-after-free vulnerability in the `add post var` function of the Posthandler component. This vulnerability can be exploited by remote attackers to execute arbitrary PHP code by leveraging a third-party filter extension that accesses a certain `ksep` value. **Recommendations** For PHP versions 5.6.x through 5.6.0, update to version 5.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to third-party filter extensions that may access the `ksep` value until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** python-requests-Kerberos versions prior to 0.6 **Description** The issue concerns mutual authentication handling. **Recommendations** For versions prior to 0.6, update to version 0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ARC version 5.21q **Description** The issue allows directory traversal via a full pathname in an archive file. **Recommendations** For version 5.21q, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mod-gnutls (affected versions not specified) **Description** The issue concerns the validation of client certificates. When "GnuTLSClientVerify require" is set in a directory context, mod-gnutls fails to validate client certificates, allowing remote attackers to spoof clients by using a crafted certificate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Qpid versions 0.30 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted protocol sequence set. This problem exists due to an incomplete fix for a previous issue. **Recommendations** For Apache Qpid versions 0.30 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** fedora-cloud-atomic.ks in spin-kickstarts (affected versions not specified) **Description** The issue allows remote attackers to conduct man-in-the-middle attacks by leveraging the use of HTTP to download Fedora Atomic updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** coreutils version 8.4 **Description** The issue allows local users to delete arbitrary files due to a problem in fts.c. **Recommendations** For coreutils version 8.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.4.1 **Description** The issue allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. This affects the AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP). **Recommendations** For versions prior to 6.4.1, update to version 6.4.1 or later to resolve the issue. As a temporary workaround, consider disabling TRACE logging to minimize the risk of exploitation. Restrict access to the AdvancedLdapLoginModule to minimize the risk of sensitive information disclosure.

**Name of the Vulnerable Software and Affected Versions** Apache Directory LDAP API versions prior to 1.0.0-M31 **Description** The issue allows attackers to conduct timing attacks via unspecified vectors. This could potentially be exploited to gain sensitive information. **Recommendations** For versions prior to 1.0.0-M31, update to version 1.0.0-M31 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.2.13 through 1.2.19 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. **Recommendations** For versions 1.2.13 through 1.2.19, update to version 1.2.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mktexlsr versions as packaged in texlive before revision 36626 and after revision 36855 **Description** The issue allows local users to write to arbitrary files via a symlink attack. This problem exists due to the reversion of a previous fix. **Recommendations** For versions as packaged in texlive before revision 36626 and after revision 36855, update to a version that includes the fix for this issue to prevent local users from writing to arbitrary files via a symlink attack.

**Name of the Vulnerable Software and Affected Versions** php-fpm (affected versions not specified) **Description** The issue allows local users to write to or create arbitrary files via a symlink attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (nova) versions Icehouse through Juno, Havana **Description** The issue allows local users to access VM volumes without proper permissions when live migration fails. **Recommendations** For OpenStack Compute (nova) versions Icehouse through Juno, Havana, consider restricting access to VM volumes until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Elasticsearch versions prior to 1.6.0 **Description** The issue allows remote authenticated users to write to and create arbitrary snapshot metadata files, potentially leading to the execution of arbitrary code. This is possible when another application on the system can read Lucene files and execute code from them, and the Java VM running Elasticsearch can write to a location readable and executable by the other application. **Recommendations** For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the snapshot API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.2.19 and earlier **Description** The issue allows remote authenticated users to download attachments linked to arbitrary private projects. This is possible when the threshold to access files is set to ANYBODY. The `file id` parameter in the "file download.php" endpoint is used to exploit this issue. **Recommendations** For MantisBT versions 1.2.19 and earlier, consider restricting access to the file download.php endpoint until a fix is available. As a temporary workaround, change the $g view proj doc threshold setting to a value other than ANYBODY to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rsyslog (affected versions not specified) **Description** The issue allows local users to obtain sensitive information by reading files in /var/log/cron due to weak permissions used by rsyslog for generating log files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nss compat ossl (affected versions not specified) **Description** The cipherstring parsing code in nss compat ossl has an issue when in multi-keyword mode, where it does not match the expected set of ciphers for a given cipher combination. This could allow attackers to have an unspecified impact via unknown vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tlslite versions prior to 0.4.9 **Description** The issue allows remote attackers to trigger a denial of service, resulting in a runtime exception and process crash. **Recommendations** For versions prior to 0.4.9, update to version 0.4.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zend Framework versions 2.3.x through 2.3.5 **Description** A cross-site request forgery (CSRF) issue exists due to null or malformed token identifiers in the Zend/Validator/Csrf component. **Recommendations** For versions 2.3.x through 2.3.5, update to version 2.3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CHICKEN versions prior to 4.10.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash. **Recommendations** For versions prior to 4.10.0, update to version 4.10.0 or later to resolve the issue.