Maciej Miszczyk

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect App (affected versions not specified) **Description** A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. The issue is related to incorrect permission assignment for a critical resource, which can be exploited by an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Score extension for MediaWiki versions through 0.3.0 **Description** The issue is related to improper sandboxing of the GNU LilyPond executable, leading to a remote code execution vulnerability. This vulnerability allows any user with the ability to edit articles, potentially including unauthenticated anonymous users, to execute arbitrary Scheme or shell code. The exploitation occurs through crafted `{{Image data` used to generate musical scores containing malicious code. **Recommendations** For The Score extension for MediaWiki versions through 0.3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AndyOS Andy versions up to 46.11.113 **Description** An issue in AndyOS Andy allows remote attackers to gain full access to the device or enables malicious apps to perform privilege escalation to root. This is due to telnet and ssh services starting with root privileges by default in the emulated Android system, with no authentication required for access to a root shell. **Recommendations** For AndyOS Andy versions up to 46.11.113, consider disabling the telnet and ssh services to prevent exploitation until a patch is available. Restrict access to the emulated Android system to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QQBrowser versions prior to 10.5.3870.400 **Description** The issue allows local attackers to escalate privileges to NT AUTHORITYSYSTEM by exploiting the fact that the TsService.exe file, installed by QQBrowser, is writable by anyone belonging to the NT AUTHORITYAuthenticated Users group. This group includes all local and remote users. The exploitation involves writing a malicious executable to the location of TsService. **Recommendations** For QQBrowser versions prior to 10.5.3870.400, update to version 10.5.3870.400 or later to resolve the issue. As a temporary workaround, consider restricting write access to the TsService.exe file to prevent local attackers from exploiting this weakness.

**Name of the Vulnerable Software and Affected Versions** Gurux GXDLMS Director versions prior to 8.5.1905.1301 **Description** The issue allows a man-in-the-middle attacker to modify the contents of `gurux.fi/obis/files.xml` and `gurux.fi/updates/updates.xml`, prompting the user to download updates over an unencrypted HTTP connection. This can lead to code execution, either directly through add-ins if used, or through OBIS codes, which are necessary for communication with energy meters. **Recommendations** For versions prior to 8.5.1905.1301, update to version 8.5.1905.1301 or later to resolve the issue. As a temporary workaround, consider restricting access to the `gurux.fi/obis/files.xml` and `gurux.fi/updates/updates.xml` files to minimize the risk of exploitation. Avoid using unencrypted HTTP connections for downloading updates until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gurux GXDLMS Director versions prior to 8.5.1905.1301 **Description** The issue allows an attacker to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation. This can be used to achieve code execution even if the user doesn't have any add-ins installed. The problem occurs when downloading OBIS codes, as it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. **Recommendations** For Gurux GXDLMS Director versions prior to 8.5.1905.1301, update to a version that includes the necessary security fixes to prevent path traversal and verify the authenticity of downloaded OBIS codes.