Tomasz Bojarski

**Name of the Vulnerable Software and Affected Versions** Azure Cloud Shell (affected versions not specified) **Description** Improper neutralization of special elements used in a command allows an unauthorized attacker to perform command injection, which can enable network-based spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Browsers (affected versions not specified) **Description** A spoofing issue exists due to improper parsing of HTTP content by Microsoft Browsers. This could allow a remote attacker to exploit the issue by crafting special HTTP queries, potentially impersonating a user request. The attacker could use a specially crafted website to either spoof content or as a pivot to chain an attack with other vulnerabilities in web services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4.1 Safari versions prior to 11.1.2 **Description** A spoofing issue existed in the handling of URLs due to inadequate input validation. This issue was addressed with improved input validation. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later to resolve the issue. For Safari versions prior to 11.1.2, update to Safari 11.1.2 or later to resolve the issue.