0X09Al

Name of the Vulnerable Software and Affected Versions: AnySupport versions prior to 2019.3.21.0 Description: The issue allows directory traversing due to the use of the swprintf function, which can lead to copying files from a management PC to a client PC and potentially result in arbitrary file execution. Recommendations: For versions prior to 2019.3.21.0, update to version 2019.3.21.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AnyDesk for macOS versions 6.0.2 and older **Description** The issue is related to a problem in the XPC interface that does not properly validate client requests, allowing local privilege escalation. **Recommendations** For AnyDesk for macOS versions 6.0.2 and older, update to a version newer than 6.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the XPC interface until a patch is available.

Name of the Vulnerable Software and Affected Versions: Imperva SecureSphere versions 11.5 through 13.0 Description: The issue allows low-privileged users to add SSH login keys to the admin user, resulting in privilege escalation. Recommendations: For Imperva SecureSphere versions 11.5 through 13.0, update to a version that contains a fix for this issue to prevent low-privileged users from adding SSH login keys to the admin user.

**Name of the Vulnerable Software and Affected Versions** ISPConfig versions prior to 3.1.13 **Description** The issue is related to an unanchored regular expression in the software, which allows authenticated users with local filesystem access to include arbitrary files. This can lead to code execution. **Recommendations** For versions prior to 3.1.13, update to version 3.1.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 64.0.3282.119 Opera (affected versions not specified) Description: The issue exists due to insufficient data validation in the External Protocol Handler component. A remote attacker can potentially execute arbitrary code on a user's machine by using a specially crafted HTML page. Recommendations: For Google Chrome versions prior to 64.0.3282.119, update to version 64.0.3282.119 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IPFire version 2.19 **Description** The issue concerns a Remote Command Injection in the ids.cgi component via the `OINKCODE` parameter. This parameter is mishandled by a shell, allowing exploitation. Authenticated users can exploit this directly, or it can be exploited through CSRF. **Recommendations** For IPFire version 2.19, consider restricting access to the ids.cgi component and the `OINKCODE` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `OINKCODE` parameter in the affected ids.cgi component until a patch is available.