Pnig0S

**Name of the Vulnerable Software and Affected Versions** Azure CycleCloud (affected versions not specified) **Description** The issue is related to insufficient access control in Azure CycleCloud, a tool for managing high-performance computing (HPC) environments. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Atlassian Sourcetree for macOS versions 1.2 through 3.1.1 Description: The issue allows a remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS to exploit an argument injection vulnerability via filenames in Mercurial repositories, potentially gaining code execution on the system. Recommendations: For Atlassian Sourcetree for macOS versions 1.2 through 3.1.1, update to version 3.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Sourcetree for Windows versions 0.5a through 3.0.9 Description: A command injection issue exists via URI handling, allowing a remote attacker to send a malicious URI to a victim using Sourcetree for Windows, potentially leading to code execution on the system. Recommendations: For Sourcetree for Windows versions 0.5a through 3.0.9, update to version 3.0.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Team Foundation Server (affected versions not specified) **Description** A Cross-site Scripting (XSS) issue exists due to improper sanitization of user-provided input. This allows a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Open-Xchange OX App Suite versions prior to 7.6.3-rev3 Open-Xchange OX App Suite versions 7.8.x prior to 7.8.2-rev4 Open-Xchange OX App Suite versions 7.8.3 prior to 7.8.3-rev5 Open-Xchange OX App Suite versions 7.8.4 prior to 7.8.4-rev4 Description: The issue allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet, due to an absolute path traversal vulnerability in the readerengine component. Recommendations: For versions prior to 7.6.3-rev3, update to version 7.6.3-rev3 or later. For versions 7.8.x prior to 7.8.2-rev4, update to version 7.8.2-rev4 or later. For versions 7.8.3 prior to 7.8.3-rev5, update to version 7.8.3-rev5 or later. For versions 7.8.4 prior to 7.8.4-rev4, update to version 7.8.4-rev4 or later.

**Name of the Vulnerable Software and Affected Versions** SugarCRM versions prior to 6.5.17 **Description** The issue is related to an XML external entity (XXE) vulnerability in the RSSDashlet dashlet. This allows remote attackers to potentially read arbitrary files or execute arbitrary code by sending a crafted DTD in an XML request. **Recommendations** For versions prior to 6.5.17, update to version 6.5.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.11 Moodle versions 2.5.x before 2.5.7 Moodle versions 2.6.x before 2.6.4 Moodle versions 2.7.x before 2.7.1 **Description** The issue allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later. For versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.3.11 and earlier, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, 2.7.x before 2.7.1 **Description** The issue allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the mod/lti/service.php file. **Recommendations** For versions 2.3.11 and earlier, update to a version later than 2.3.11. For versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions 1.8.x through 1.8.20 Zabbix versions 2.0.x through 2.0.12 Zabbix versions 2.2.x through 2.2.4 Zabbix versions 2.3.x through 2.3.1 **Description** The issue allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. This is due to an XML external entity (XXE) vulnerability. The vulnerability can be exploited by sending a specially formed XML request, allowing an attacker to read arbitrary files or potentially execute arbitrary code. **Recommendations** For Zabbix versions 1.8.x through 1.8.20, update to version 1.8.21rc1 or later. For Zabbix versions 2.0.x through 2.0.12, update to version 2.0.13rc1 or later. For Zabbix versions 2.2.x through 2.2.4, update to version 2.2.5rc1 or later. For Zabbix versions 2.3.x through 2.3.1, update to version 2.3.2 or later.