Ybuenos

**Name of the Vulnerable Software and Affected Versions** Openshift Console (affected versions not specified) **Description** An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability makes the protocol susceptible to a Cross-Site Request Forgery (CSRF) attack if the `state` parameter is used inefficiently. The flaw allows an attacker to log into the victim's current application account using a third-party account without any restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yarn (affected versions not specified) **Description** An untrusted search path issue was found, allowing malicious commands to be executed in unexpected ways when certain commands are run in a directory with attacker-controlled content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** overt-engine (affected versions not specified) **Description** An authentication bypass issue was found, allowing the creation of users in the system without authentication due to a flaw in the `CreateUserSession` command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions 9.6 and earlier **Description** The issue is related to a potential row hammer attack that could allow authentication bypass. This is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. The problem lies in the `mm answer authpassword` function, where the integer value of `authenticated` does not resist flips of a single bit, potentially leading to a security bypass. It is estimated that about 116,668,063 devices worldwide might be affected, mainly distributed in the United States, China, and other countries. **Recommendations** For OpenSSH versions 9.6 and earlier, consider disabling the `mm answer authpassword` function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `authenticated` variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 6.2.11 Qt versions 6.3.x through 6.6.x before 6.6.1 **Description** An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If the image is not actually an SVG document, this results in a denial of service (application crash). The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Qt versions prior to 6.2.11, update to version 6.2.11 or later to resolve the issue. For Qt versions 6.3.x through 6.6.x before 6.6.1, update to version 6.6.1 or later to resolve the issue. As a temporary workaround, consider disabling the QML image functionality until a patch is available. Restrict access to QML images to minimize the risk of exploitation. Avoid using unknown image sources in QML images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** An arbitrary code execution flaw was found in Foreman, allowing an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** foreman (affected versions not specified) **Description** A command injection flaw was found in foreman, allowing an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates. This could result in arbitrary command execution on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** shadow-utils (affected versions not specified) **Description** A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** An arbitrary code execution flaw was found in Foreman, related to incorrect handling of code generation in the YAML.load() function of the YAML parser library. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Satellite server (affected versions not specified) **Description** A blind site-to-site request forgery issue was discovered. It allows triggering an external interaction to an attacker's server by modifying the `Referer` header in an HTTP request for specific server resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.