Muhammad Fadilullah Dzaki

**Name of the Vulnerable Software and Affected Versions** MLflow Tracking Server (affected versions not specified) **Description** A directory traversal issue exists in the MLflow Tracking Server's artifact handler, potentially leading to remote code execution. The issue involves improper handling of file paths, which could allow an attacker to access or modify files outside the intended directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure AI Language Authoring SDK version 1.0.0 **Description** A flaw exists in the Azure AI Language Authoring SDK that allows an unauthorized attacker to execute code over a network. This is due to the deserialization of untrusted data. The issue is categorized as a remote code execution condition. **Recommendations** Restrict access to the Azure AI Language Authoring SDK version 1.0.0. Monitor systems utilizing the Azure AI Language Authoring SDK version 1.0.0 for suspicious activity.

**Name of the Vulnerable Software and Affected Versions** Azure Core shared client library for Python (affected versions not specified) **Description** The deserialization of untrusted data in the Azure Core shared client library for Python allows an authorized attacker to execute code over a network. This flaw enables an attacker with network access to potentially achieve remote code execution (RCE). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.