Omar Eissa

**Name of the Vulnerable Software and Affected Versions** MediaProvider (affected versions not specified) **Description** The issue is related to a missing permission check in the `updateInternal` method of `MediaProvider.java`. This could allow access to another app's files, leading to local escalation of privilege without needing additional execution privileges. User interaction is not required for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaProvider.java (affected versions not specified) **Description** The issue is related to improper input validation in the `ensureFileColumns` function of `MediaProvider.java`. This could lead to the disclosure of files owned by another user, resulting in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brocade Fabric OS versions 9.x through 9.1.9 Brocade Fabric OS version 9.2.0 and later are not affected, but since the range is specified as 'before v9.2.0', we can simplify to: Brocade Fabric OS versions prior to 9.2.0 **Description** The issue is related to the Brocade Web Interface in Brocade Fabric OS, where it does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. **Recommendations** For Brocade Fabric OS versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Brocade Fabric OS versions 9.0 through 9.2.0 **Description** A remote code execution vulnerability exists in Brocade Fabric OS, allowing an attacker to execute arbitrary code and gain root access to the Brocade switch. This issue arises due to the lack of measures to neutralize special elements used in the operating system command. The exploitation of this vulnerability could enable a remote attacker to execute arbitrary code and elevate their privileges to the root level. **Recommendations** For Brocade Fabric OS versions 9.0 through 9.2.0, update to version 9.2.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Panorama (affected versions not specified) **Description** The issue is related to improper authorization in the web interface of the management plane, allowing an authenticated read-only administrator to upload files and fill one of the disk partitions, preventing login to the web interface or download of PAN-OS, WildFire, and content images. This issue does not affect the dataplane. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure, allowing a remote attacker to perform cross-site scripting attacks using a specially crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brocade Fabric OS versions prior to v9.1.1 Brocade Fabric OS versions prior to v9.0.1e Brocade Fabric OS versions prior to v8.2.3c **Description** The issue allows a low-privilege webtools user to gain elevated admin rights by exploiting a vulnerability in Brocade Webtools. This can be achieved by intercepting and editing the admin and operator authorization headers, which are sent unencrypted, to create a new user with an admin role using the operator's session ID. **Recommendations** For Brocade Fabric OS versions prior to v9.1.1, update to version v9.1.1 or later. For Brocade Fabric OS versions prior to v9.0.1e, update to version v9.0.1e or later. For Brocade Fabric OS versions prior to v8.2.3c, update to version v8.2.3c or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.