Ali Jammal

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect App (affected versions not specified) **Description** A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. The issue is related to incorrect permission assignment for a critical resource, which can be exploited by an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESET security product (affected versions not specified) **Description** A denial of service issue is present shortly after product installation or upgrade, potentially allowing an attacker to render the security product inoperable, provided non-default preconditions are met. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nessus versions prior to 10.7.3 **Description** The issue arises when Nessus is installed to a non-default directory on a Windows host, where it fails to enforce secure permissions for sub-directories. This could potentially allow for local privilege escalation if the directories in the non-default installation location are not properly secured by the users. **Recommendations** For Nessus versions prior to 10.7.3, update to version 10.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nessus Agent versions prior to 10.6.4 **Description** The issue concerns the installation of Nessus Agent to a non-default directory on a Windows host, where secure permissions for sub-directories were not enforced in versions prior to 10.6.4. This could potentially allow for local privilege escalation if the directories in the non-default installation location were not secured by the users. **Recommendations** For Nessus Agent versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16 Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox. This vulnerability applies to Windows hosts only. Recommendations: For versions prior to 7.0.16, update to version 7.0.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Axigen Mail Server for Windows versions 10.5.18 and before **Description** An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization. **Recommendations** For versions 10.5.18 and before, update to a version later than 10.5.18 to resolve the issue. As a temporary workaround, consider restricting access to world-writable directories used by the Axigen Mail Server service to minimize the risk of exploitation.