Zer0Pwn

**Nome do Software Vulnerável e Versões Afetadas** Versões do Apple Music anteriores a 1.5.0.152 **Descrição** O problema foi corrigido com uma sanitização de entrada aprimorada. O processamento de conteúdo web maliciosamente elaborado pode expor estados internos do aplicativo. **Recomendações** Para versões anteriores a 1.5.0.152, atualize para o Apple Music 1.5.0.152 para Windows para resolver o problema. Como solução temporária, considere evitar o processamento de conteúdo web de fontes não confiáveis até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** KDE Frameworks KConfig versions prior to 5.61.0 **Description** The issue relates to the mishandling of .desktop and .directory files by libKF5ConfigCore.so, allowing code execution with minimal user interaction. This can be achieved by including a shell command on an Icon line in a .desktop file. The vulnerability is associated with insufficient input validation, which can be exploited by an attacker to gain unauthorized access to information, cause a denial of service, or impact the availability of information using malicious desktop files. **Recommendations** For versions prior to 5.61.0, update to version 5.61.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of .desktop and .directory files to minimize the risk of exploitation. Avoid using potentially malicious files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Axway SecureTransport versions 5.x through 5.3 Axway SecureTransport versions 5.x through 5.5 with certain API configuration **Description** The issue concerns unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This can potentially lead to local file disclosure, Denial of Service (DoS), or URI invocation attacks, which may result in remote code execution. **Recommendations** For Axway SecureTransport versions 5.x through 5.3, consider disabling the resetPassword functionality via the REST API until a patch is available. For Axway SecureTransport versions 5.x through 5.5 with certain API configuration, restrict the use of the REST API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.