Tomasz Bojarski

**Nome do Software Vulnerável e Versões Afetadas** Azure Cloud Shell (versões afetadas não especificadas) **Descrição** A neutralização inadequada de elementos especiais usados em um comando permite que um invasor não autorizado realize a injeção de comandos, o que pode possibilitar ataques de spoofing baseados em rede. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Microsoft Browsers (affected versions not specified) **Description** A spoofing issue exists due to improper parsing of HTTP content by Microsoft Browsers. This could allow a remote attacker to exploit the issue by crafting special HTTP queries, potentially impersonating a user request. The attacker could use a specially crafted website to either spoof content or as a pivot to chain an attack with other vulnerabilities in web services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4.1 Safari versions prior to 11.1.2 **Description** A spoofing issue existed in the handling of URLs due to inadequate input validation. This issue was addressed with improved input validation. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later to resolve the issue. For Safari versions prior to 11.1.2, update to Safari 11.1.2 or later to resolve the issue.