Ben Lincoln

**Name of the Vulnerable Software and Affected Versions** Windows Task Scheduler (affected versions not specified) **Description** The issue is related to insufficient access control in the Windows Task Scheduler, which can be exploited to elevate privileges. This allows an attacker to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Endian Firewall versions prior to 3.0 **Description** The issue is related to the lack of input validation in the Endian Firewall. It allows a remote attacker to execute arbitrary commands by passing metacharacters through the `NEW PASSWORD 1` or `NEW PASSWORD 2` parameters in the "cgi-bin/chpasswd.cgi" endpoint. **Recommendations** For Endian Firewall versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cgi-bin/chpasswd.cgi" endpoint to minimize the risk of exploitation. Avoid using the parameters `NEW PASSWORD 1` and `NEW PASSWORD 2` in the affected endpoint until the issue is resolved.