Felix Boulet

**Name of the Vulnerable Software and Affected Versions** KDE KCoreAddons versions prior to 6.25 **Description** The `KShell::quoteArgs()` function is designed to safely quote arguments for shell commands. However, it fails to adequately handle metacharacters, which can lead to a shell escape. Applications using this method in security-critical paths to process user input are susceptible. Specifically, since `sendInput()` transmits strings to a terminal, a control character such as `x01` can be utilized during the injection process. **Recommendations** Update to version 6.25 or later.

**Name of the Vulnerable Software and Affected Versions** Docker Desktop versions prior to 4.44.3 **Description** A flaw in the container isolation mechanism of Docker Desktop for Windows and macOS allows local Linux containers to gain unauthenticated access to the Docker Engine API via the configured Docker subnet, typically at '192.168.65.7:2375'. This issue persists regardless of whether Enhanced Container Isolation (ECI) is enabled or if the option to expose the daemon on 'tcp://localhost:2375' without TLS is active. An attacker can exploit this via Server-Side Request Forgery (SSRF) to execute privileged commands, such as managing images and controlling or creating new containers. On Windows systems using the WSL backend, this can lead to a full container escape, allowing the attacker to mount the host drive, read sensitive files, and overwrite system DLLs with the privileges of the user running Docker Desktop. On macOS, while system safeguards provide more protection against unauthorized file access, an attacker can still gain full control over the Docker application and its containers. Technical details include the use of the '/containers/create' and '/containers/{id}/start' API endpoints to deploy privileged containers with host bind mounts. **Recommendations** Update to Docker Desktop version 4.44.3 or later. As a temporary workaround, block container access to the 192.168.65.0/24 subnet on ports 2375-2376 using the host firewall.

Name of the Vulnerable Software and Affected Versions: UrlMon (affected versions not specified) Description: The issue allows an unauthorized attacker to bypass a security feature over a network by accepting extraneous untrusted data with trusted data in UrlMon. This enables attackers to affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office Word (affected versions not specified) Description: The issue is related to improper input validation in Microsoft Office Word, which allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue concerns a spoofing vulnerability in Microsoft SharePoint Server. This vulnerability is related to the failure to properly protect the web page structure, which could allow a remote attacker to perform a spoofing attack. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint (affected versions not specified) Description: The issue is related to incorrect restriction of XML external entities in Microsoft SharePoint, which can be exploited by a remote attacker to gain unauthorized access to protected information. This can allow attackers to obtain sensitive information and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Word (affected versions not specified) Description: The issue is related to insufficient input validation in Microsoft Word, which can be exploited by a remote attacker to bypass security features, potentially allowing them to disable protected view mode. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio Code Python Extension (affected versions not specified) **Description** The issue is related to a violation of trust boundaries in the Python extension for Visual Studio Code, allowing a remote attacker to execute arbitrary code. There is a known remote code execution vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Stack Hub (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in Azure Stack Hub. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Stack Hub (affected versions not specified) **Description** The issue is related to the Azure Stack Hub integrated system of hybrid cloud computing, where the structure of web pages is not properly protected, allowing for spoofing attacks. An attacker, acting remotely, can exploit this to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Stack Hub (affected versions not specified) **Description** The issue is related to insufficient input validation in the integrated Azure Stack Hub hybrid cloud computing system. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows App Installer (affected versions not specified) **Description** The issue is related to a lack of proper output encoding or escaping mechanism in the Microsoft App Installer, which can be exploited to conduct spoofing attacks using a specially crafted malicious package. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: The issue is related to a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). It may allow a remote attacker to conduct cross-site scripting attacks. The vulnerability is also associated with a URL redirection to an untrusted site. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Automation versions 8.x **Description** The issue is related to a lack of correct input validation, allowing for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorized read/write operations in the database. **Recommendations** For VMware Aria Automation version 8.x, apply the available patches to address the SQL-injection vulnerability. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server (affected versions not specified) Description: The issue is related to the Azure DevOps Server development software and is associated with a lack of protection for the web page structure. This can allow a remote attacker to conduct spoofing attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server (affected versions not specified) Description: The issue is related to the Azure DevOps Server development software and is associated with the failure to take measures to protect the web page structure. Exploitation of this issue may allow a remote attacker to conduct spoofing attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Stack Hub (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in the integrated system of hybrid cloud computing. Exploitation of this issue may allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word (affected versions not specified) **Description** The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. This can enable an attacker to impact the system. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Word (affected versions not specified) **Description** The issue is related to errors in security settings of Microsoft Office and Microsoft 365 Apps for Enterprise packages, which can allow an attacker to bypass security features. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Office. It allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.