Firebird · Firebird · CVE-2013-2492
**Name of the Vulnerable Software and Affected Versions**
Firebird versions 2.1.3 through 2.1.5
Firebird versions 2.5.1 through 2.5.3
**Description**
The issue is caused by a stack-based buffer overflow in the Firebird database management system. This can be exploited by a remote attacker who sends a specially crafted TCP packet to port 3050, potentially allowing the execution of arbitrary code. The vulnerability is related to a missing size check during the extraction of a group number from CNCT information.
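The class of check the description says was missing, shown as an added example that is not Firebird's code: a parser for a generic tag-length-value block that refuses a group-number item whose declared length exceeds the destination. The one-byte tag and length layout, `TAG_GROUP` and `parse_group` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tag value for this example; not taken from Firebird. */
#define TAG_GROUP 0x05

/* Walks a buffer of (tag, length, value) items and extracts a group number.
 * Returns 0 if a group item was read, 1 if none was present,
 * -1 if the buffer is malformed or the group item is oversized. */
int parse_group(const uint8_t *buf, size_t len, uint32_t *gid_out)
{
    size_t i = 0;
    int result = 1;

    while (i < len) {
        if (len - i < 2)
            return -1;                  /* truncated item header */
        uint8_t tag = buf[i];
        uint8_t vlen = buf[i + 1];
        i += 2;
        if (vlen > len - i)
            return -1;                  /* value runs past the received data */
        if (tag == TAG_GROUP) {
            uint32_t gid = 0;
            /* The length byte is sender-controlled, so it must be checked
             * against the destination size before any bytes are taken. */
            if (vlen > sizeof gid)
                return -1;
            for (size_t k = 0; k < vlen; k++)   /* big-endian decode */
                gid = (gid << 8) | buf[i + k];
            *gid_out = gid;
            result = 0;
        }
        i += vlen;
    }
    return result;
}

int main(void)
{
    /* Constructed sample: a group item declaring 8 bytes for a 4-byte field. */
    const uint8_t oversized[] = {TAG_GROUP, 0x08, 1, 2, 3, 4, 5, 6, 7, 8};
    uint32_t gid = 0;
    printf("oversized item -> %d\n", parse_group(oversized, sizeof oversized, &gid));
    return 0;
}
```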
**Recommendations**
For Firebird versions 2.1.3 through 2.1.5, update to a version after 18514 to resolve the issue.
For Firebird versions 2.5.1 through 2.5.3, update to a version after 26623 to resolve the issue.
As a temporary workaround, consider restricting access to TCP port 3050 to minimize the risk of exploitation.