Max Rozendaal

**Name of the Vulnerable Software and Affected Versions** VMware Avi Load Balancer (affected versions not specified) **Description** The issue allows a malicious actor with admin privileges on VMware Avi Load Balancer to create, modify, execute, and delete files as a root user on the host system. This is a privilege escalation issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exact Synergy Enterprise 267 versions prior to 267SP13 Exact Synergy Enterprise 500 versions prior to 500SP6 **Description** The issue concerns an arbitrary file upload vulnerability in the profile picture upload function, allowing attackers to execute arbitrary code via a crafted SVG file. **Recommendations** For Exact Synergy Enterprise 267 versions prior to 267SP13, update to version 267SP13 or later. For Exact Synergy Enterprise 500 versions prior to 500SP6, update to version 500SP6 or later.