Ashley King

**Name of the Vulnerable Software and Affected Versions** ManageEngine ADSelfService Plus (affected versions not specified) **Description** This issue allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this issue. The specific flaw exists within the Password Reset Portal used by the GINA client, resulting from the lack of proper authentication of data received via HTTP. An attacker can leverage this issue to bypass authentication and execute code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Shazam Android App versions prior to 9.25.0 Shazam iOS App versions prior to 12.11.0 **Description** An issue existed in the parsing of URL schemes, which was addressed with improved URL validation. Processing a maliciously crafted URL may lead to an open redirect. **Recommendations** For Shazam Android App versions prior to 9.25.0, update to version 9.25.0 to resolve the issue. For Shazam iOS App versions prior to 12.11.0, update to version 12.11.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Shazam Android App versions prior to 9.25.0 Shazam iOS App versions prior to 12.11.0 **Description** The issue concerns an injection problem that has been addressed through improved validation. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. **Recommendations** For Shazam Android App versions prior to 9.25.0, update to version 9.25.0 to resolve the issue. For Shazam iOS App versions prior to 12.11.0, update to version 12.11.0 to resolve the issue.