0X09Al

**Nome do software vulnerável e versões afetadas: Versões do AnySupport anteriores à 2019.3.21.0 Descrição: A vulnerabilidade permite a traversal de diretórios devido ao uso da função swprintf, o que pode levar à cópia de arquivos de um PC de gerenciamento para um PC cliente e, potencialmente, resultar na execução arbitrária de arquivos. Recomendações: Para versões anteriores à 2019.3.21.0, atualize para a versão 2019.3.21.0 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** AnyDesk para macOS, versões 6.0.2 e anteriores **Descrição** O problema está relacionado a uma falha na interface XPC que não valida adequadamente as solicitações do cliente, permitindo a escalada de privilégios locais. **Recomendações** Para o AnyDesk para macOS versões 6.0.2 e anteriores, atualize para uma versão posterior à 6.0.2 para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à interface XPC até que um patch esteja disponível.

Name of the Vulnerable Software and Affected Versions: Imperva SecureSphere versions 11.5 through 13.0 Description: The issue allows low-privileged users to add SSH login keys to the admin user, resulting in privilege escalation. Recommendations: For Imperva SecureSphere versions 11.5 through 13.0, update to a version that contains a fix for this issue to prevent low-privileged users from adding SSH login keys to the admin user.

**Name of the Vulnerable Software and Affected Versions** ISPConfig versions prior to 3.1.13 **Description** The issue is related to an unanchored regular expression in the software, which allows authenticated users with local filesystem access to include arbitrary files. This can lead to code execution. **Recommendations** For versions prior to 3.1.13, update to version 3.1.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 64.0.3282.119 Opera (affected versions not specified) Description: The issue exists due to insufficient data validation in the External Protocol Handler component. A remote attacker can potentially execute arbitrary code on a user's machine by using a specially crafted HTML page. Recommendations: For Google Chrome versions prior to 64.0.3282.119, update to version 64.0.3282.119 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IPFire version 2.19 **Description** The issue concerns a Remote Command Injection in the ids.cgi component via the `OINKCODE` parameter. This parameter is mishandled by a shell, allowing exploitation. Authenticated users can exploit this directly, or it can be exploited through CSRF. **Recommendations** For IPFire version 2.19, consider restricting access to the ids.cgi component and the `OINKCODE` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `OINKCODE` parameter in the affected ids.cgi component until a patch is available.