Guy Arazi

**Name of the Vulnerable Software and Affected Versions** AWS SDK for .NET versions 4.0.0 through 4.0.3.2 **Description** The AWS SDK for .NET, used with Amazon Web Services for building scalable solutions, is affected by an issue where applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This occurs when specific values are used for the `region` input field when calling AWS services. An attacker with access to the environment where the SDK is used could set the `region` input field to an invalid value. **Recommendations** Update to version 4.0.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** GroupMe (affected versions not specified) **Description** The issue is related to insufficient restriction of excessive authentication attempts in GroupMe, allowing a remote, unauthenticated attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GroupMe (affected versions not specified) Description: An improper access control issue in GroupMe allows an unauthenticated attacker to elevate privileges over a network. This can be achieved by convincing a user to click on a malicious link. The vulnerability is related to insufficient checking of incoming requests. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Arc-Enabled Servers (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.