Rutger Flohil

**Name of the Vulnerable Software and Affected Versions** Genetec Update Service (affected versions not specified) **Description** A local administrator may be able to obtain information from the Genetec Update Service configuration web page. An authenticated Windows user with administrator privileges could exploit this to gain elevated privileges within the Genetec Update Service. This issue could potentially be combined with another issue to achieve low privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Genetec Update Service (affected versions not specified) **Description** A local privilege escalation issue exists in Genetec Update Service. A user with limited privileges and authentication on Windows systems can exploit this to gain higher privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Genetec Sipelia Plugin (affected versions not specified) **Description** A local privilege escalation issue exists in the Genetec Sipelia Plugin. An authenticated low-privileged Windows user can exploit this flaw to gain elevated privileges on the affected system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect versions prior to 6.2.8-h2 on macOS **Description** An improper neutralization of wildcards vulnerability in the log collection feature of the Palo Alto Networks GlobalProtect app on macOS allows a non-administrative user to escalate their privileges to root. Public proof-of-concept code exists, and it is recommended to update now to protect the system. **Recommendations** For versions prior to 6.2.8-h2 on macOS, update to version 6.2.8-h2 or later to resolve the issue. As a temporary workaround, consider restricting access to the log collection feature until a patch is applied. Avoid using the vulnerable log collection feature in the GlobalProtect app until the issue is resolved.