Gavin

Name of the Vulnerable Software and Affected Versions: Azure Command Line Integration (CLI) (affected versions not specified) Description: The issue is related to improper neutralization of special elements used in a command, also known as 'command injection', in Azure Command Line Integration (CLI). This allows an unauthorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.16.3 and earlier, 2.17.1 through 2.17.4 **Description** The issue allows remote attackers to read a user's voting page when that user has voted on a restricted bug. This is achieved by modifying the `who` parameter in the votes.cgi script, potentially exposing sensitive voting information. **Recommendations** For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3 to resolve the issue. For Bugzilla versions 2.17.1 through 2.17.4, update to a version later than 2.17.4 to resolve the issue. As a temporary workaround, consider restricting access to the votes.cgi script until a patch is available.