Pwni

**Name of the Vulnerable Software and Affected Versions** auth0-PHP versions 3.3.0 through 8.16.0 **Description** The Bulk User Import endpoint does not validate file path wrappers or values, potentially allowing acceptance of arbitrary file paths or URLs. This affects applications directly using the Auth0-PHP SDK versions 3.3.0 through 8.16.0, as well as applications relying on Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs that utilize the affected Auth0-PHP SDK versions. The issue stems from a lack of proper validation when processing file paths. The vulnerable endpoint is the Bulk User Import endpoint. **Recommendations** Upgrade Auth0-PHP to version 8.17.0 or greater.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Nsight Graphics for Windows (affected versions not specified) **Description** The software contains a flaw in the `ngfx` component that could allow an attacker to perform a DLL highjacking attack. Exploitation of this issue may result in code execution, privilege escalation, data tampering, and denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Encryption versions prior to 11.9.0 Dell Endpoint Security Suite Enterprise versions prior to 11.9.0 Dell Security Management Server versions prior to 11.9.0 **Description** The issue is related to a privilege escalation vulnerability due to improper Access Control List (ACL) settings in the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installed directory, leading to privilege escalation. This could allow an attacker to gain elevated privileges on the system. **Recommendations** For Dell Encryption versions prior to 11.9.0, update to version 11.9.0 or later to resolve the issue. For Dell Endpoint Security Suite Enterprise versions prior to 11.9.0, update to version 11.9.0 or later to resolve the issue. For Dell Security Management Server versions prior to 11.9.0, update to version 11.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the non-default installation directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Battery Life Diagnostic Tool versions prior to 2.2.0 **Description** The issue is related to an uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.