Leonjza

**Name of the Vulnerable Software and Affected Versions** Laravel Valet versions 1.1.4 through 2.0.3 **Description** Laravel Valet versions 1.1.4 to 2.0.3 have a local privilege escalation issue. An attacker can modify the valet command to execute arbitrary code with root permissions without needing further authentication. This is achieved by editing the symlinked valet command. **Recommendations** Update Laravel Valet to a version later than 2.0.3.

**Name of the Vulnerable Software and Affected Versions** ASUS DriverHub versions prior to 1.0.6.0 **Description** The issue resides in the data source validation mechanism within ASUS DriverHub. Insufficient validation allows unauthorized sources to interact with the software's features through crafted HTTP requests. This can lead to remote code execution (RCE). The issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. Attackers can craft malicious domains to facilitate forged HTTP requests processed by DriverHub. **Recommendations** Versions prior to 1.0.6.0 should be updated to version 1.0.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** ASUS DriverHub versions prior to 1.0.6.0 **Description** An insufficient validation issue exists in ASUS DriverHub. This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. The issue may allow untrusted sources to affect system behavior through crafted HTTP requests. The root cause is related to errors in the certificate authentication process. Exploitation of this issue can lead to a denial of service. **Recommendations** Update ASUS DriverHub to version 1.0.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** McAfee ePolicy Orchestrator (ePO) versions 5.3.0 through 5.3.3 McAfee ePolicy Orchestrator (ePO) versions 5.9.0 through 5.9.1 **Description** The issue allows remote authenticated users to bypass localhost only access security protection for some features via a specially crafted HTTP request. **Recommendations** For versions 5.3.0 through 5.3.3, update to a version outside of this range to resolve the issue. For versions 5.9.0 through 5.9.1, update to a version outside of this range to resolve the issue.