Junorouse

**Nome do software vulnerável e versões afetadas** Versões do guake anteriores à 3.8.5 **Descrição** O problema está relacionado à exposição dos métodos `execute command` e `execute command by uuid` por meio da interface d-bus, permitindo que um usuário mal-intencionado execute um comando arbitrário. A exploração requer que o usuário tenha instalado outro programa malicioso capaz de enviar sinais d-bus ou executar comandos de terminal. **Recomendações** Para versões anteriores à 3.8.5, atualize para a versão 3.8.5 ou posterior para resolver o problema. Como solução temporária, considere desativar os métodos `execute command` e `execute command by uuid` por meio da interface d-bus até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Parallels Desktop version 14.1.3 **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this issue. The specific flaw exists within the Parallels Service and results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to escalate privileges and execute code in the context of root. **Recommendations** For Parallels Desktop version 14.1.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.1 **Description** The issue is related to an inconsistent user interface that could be exploited by visiting a malicious website, potentially leading to user interface spoofing. **Recommendations** For versions prior to 13.0.1, update to Safari 13.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPO WebPageTest version 19.04 **Description** The issue allows for Directory Traversal, enabling the reading of arbitrary files. This is due to an unanchored regular expression in the www/getfile.php file. An example of a malicious substring that can be used is 'a.jpg..'. **Recommendations** For WPO WebPageTest version 19.04, consider restricting access to the www/getfile.php file until a patch is available. As a temporary workaround, avoid using unanchored regular expressions in the file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mistune version 0.7.4 **Description** The issue allows for XSS attacks through unexpected newlines or crafted email addresses, related to the escape and autolink functions. **Recommendations** For Mistune version 0.7.4, consider updating to a newer version that addresses this issue, as the current version allows for XSS attacks via specific input manipulations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.