Vincent Danen

**Name of the Vulnerable Software and Affected Versions** tucan versions 0.3.10 and earlier **Description** The issue is related to an insecure plugin update mechanism, which could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running the software. **Recommendations** For versions 0.3.10 and earlier, update to a version later than 0.3.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** 389 Directory Server versions prior to 1.2.7.1 HP-UX Directory Server versions prior to B.08.10.03 **Description** The issue allows local users to obtain sensitive information by reading the log when audit logging is enabled. This occurs because the Directory Manager password (`nsslapd-rootpw`) is logged in cleartext when changing `cn=config:nsslapd-rootpw`. **Recommendations** For 389 Directory Server versions prior to 1.2.7.1, update to version 1.2.7.1 or later to resolve the issue. For HP-UX Directory Server versions prior to B.08.10.03, update to version B.08.10.03 or later to resolve the issue. As a temporary workaround, consider disabling audit logging until a patch is available.

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.X through 2.3.X before 2.0.24, 2.1.12, 2.2.5, and 2.3.3 Symfony version 2.0.X before 2.0.24 Symfony version 2.1.X before 2.1.12 Symfony version 2.2.X before 2.2.5 Symfony version 2.3.X before 2.3.3 However, to follow the instructions and consolidate the ranges into the most concise form, the above can be simplified to: Symfony versions 2.0.X through 2.3.X before their respective versions 2.0.24, 2.1.12, 2.2.5, and 2.3.3 Description: The issue lies in the HttpFoundation component where the Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this to inject malicious content into the Web application page and conduct various attacks. Recommendations: For Symfony version 2.0.X, update to version 2.0.24 or later. For Symfony version 2.1.X, update to version 2.1.12 or later. For Symfony version 2.2.X, update to version 2.2.5 or later. For Symfony version 2.3.X, update to version 2.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** gksu-polkit versions prior to 0.0.3-6.fc18 **Description** A security issue was reported, but the patch applied to version 0.0.3-6.fc18 was improper and did not fix the issue. **Recommendations** For versions prior to 0.0.3-6.fc18, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NetworkManager version 0.9.2.0 **Description** The issue arises when a new wireless network is created with WPA/WPA2 security in AdHoc mode, resulting in the creation of an open or insecure network. **Recommendations** For NetworkManager version 0.9.2.0, consider configuring the network settings manually to ensure the creation of a secure network, as the automatic setup may lead to an insecure configuration.

**Name of the Vulnerable Software and Affected Versions** ecryptfs-utils (affected versions not specified) **Description** The issue is related to the suid helper in ecryptfs-utils, which does not properly restrict mounting filesystems with nosuid and nodev options. This oversight creates a possible privilege escalation scenario. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PolarSSL versions 0.99pre4 through 1.1.1 **Description** A security bypass issue exists due to a weak encryption error when generating Diffie-Hellman values and RSA keys. This affects the generation of secure keys, potentially compromising the encryption. **Recommendations** For PolarSSL versions 0.99pre4 through 1.1.1, consider updating to a version that addresses the weak encryption error to prevent security bypass issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mom (affected versions not specified) **Description** The issue is related to the creation of world-writable pid files in /var/run by mom. This could potentially allow unauthorized access or modification of these files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OFBiz versions 16.11.01 through 16.11.04 **Description** The issue affects the /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler, making it vulnerable to External Entity Injection. This is achieved by passing DOCTYPE declarations with executable payloads, which can disclose the contents of files in the filesystem. Additionally, it can be used to probe for open network ports and determine whether a file exists or not based on returned error messages. **Recommendations** For OFBiz versions 16.11.01 through 16.11.04, consider disabling access to the /webtools/control/xmlrpc endpoint until a patch is available. As a temporary workaround, restrict the use of the XML-RPC event handler to minimize the risk of exploitation. Avoid using the endpoint for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeIPA versions 3.0 **Description** The issue arises from improper server identity verification before transmitting credential-containing cookies. **Recommendations** For FreeIPA version 3.0, update to a version that properly checks server identity before sending credential-containing cookies.

**Name of the Vulnerable Software and Affected Versions** surf (affected versions not specified) **Description** The issue concerns a cookie jar in the surf application that has read access from other local users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mwlib versions 0.13 through 0.13.4 **Description** The issue is related to a denial of service vulnerability that occurs when parsing #iferror magic functions. **Recommendations** For mwlib versions 0.13 through 0.13.4, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libpoe-component-irc-perl versions prior to 6.32 **Description** The issue allows execution of arbitrary IRC commands by passing a specially crafted argument to the 'privmsg' handler, potentially causing the client to disconnect from the server. This can be achieved by including carriage returns and line feeds in the argument, such as "some textrQUIT". **Recommendations** For versions prior to 6.32, consider removing or properly handling carriage returns and line feeds in arguments passed to the 'privmsg' handler to prevent arbitrary IRC command execution. As a temporary workaround, restrict the use of the 'privmsg' handler until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone (affected versions not specified) **Description** The issue allows extremely long passwords to crash Keystone by exhausting stack space. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** qpid-cpp version 1.0 **Description** The issue occurs when a large message is sent and the Digest-MD5 mechanism with a security layer is in use, causing qpid-cpp to crash. **Recommendations** For qpid-cpp version 1.0, consider disabling the Digest-MD5 mechanism with a security layer as a temporary workaround until a patch is available. Restrict the size of messages to prevent crashes.

**Name of the Vulnerable Software and Affected Versions** Red Hat Directory Server version 8 389 Directory Server (affected versions not specified) **Description** The issue allows attackers to cause a denial of service via a crafted search query, resulting in a NULL pointer dereference. This is due to a problem in the ` ger parse control` function. **Recommendations** For Red Hat Directory Server version 8: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For 389 Directory Server: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redis version 2.6 **Description** The issue is related to an insecure temporary file vulnerability. It is associated with the /tmp/redis.ds file in Redis. **Recommendations** For Redis version 2.6, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict access to the /tmp/redis.ds file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** php-symfony2-Validator (affected versions not specified) **Description** The issue concerns the loss of information during serialization when using the Validator component with caching enabled, specifically with `SymfonyComponentValidatorMappingCacheApcCache` or any other cache implementing `SymfonyComponentValidatorMappingCacheCacheInterface`. This results in the loss of the `collectionCascaded` and `collectionCascadedDeeply` fields. As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator once the validator configuration is loaded from the cache. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bitlbee (affected versions not specified) **Description** The issue is related to Bitlbee not dropping extra group privileges correctly in the unix.c file. This could potentially lead to security problems, although specific details about exploitation or affected devices are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki (affected versions not specified) **Description** The issue allows deleted text to be exposed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.