Vijay Tikudave

Name of the Vulnerable Software and Affected Versions: PortSwigger Burp Suite Enterprise Edition versions prior to 2021.11 Description: The issue is related to weak file permissions for the embedded H2 database in PortSwigger Burp Suite Enterprise Edition. This could lead to privilege escalation if an adversary has already compromised a valid Windows account on the server. The compromised account may have inherited read access to sensitive configuration, database, and log files. Recommendations: For versions prior to 2021.11, update to version 2021.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded H2 database to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 86 Description: A phishing tactic involves providing a link with HTTP Auth, such as 'https://www.phishingtarget.com@evil.com'. Firefox displays a warning dialog to mitigate this attack. However, if the malicious site uses a redirect cached by the browser, the warning dialog may not be displayed. Recommendations: For versions prior to 86, update to a version 86 or later to resolve the issue. As a temporary workaround, consider clearing the browser cache to minimize the risk of exploitation. Restrict access to potentially malicious sites to minimize the risk of phishing attacks.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop versions prior to 2.1.14 **Description** The issue allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism. This can be demonstrated by using the chat window with a filename that lacks an extension. **Recommendations** For versions prior to 2.1.14, update to version 2.1.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop versions 2.0.1 and earlier Telegram for Android versions 6.0.1 and earlier Telegram for iOS versions 6.0.1 and earlier **Description** The issue allows an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. This could potentially lead to phishing attacks or other malicious activities by tricking users into visiting fake websites that appear legitimate due to the homograph attack. **Recommendations** For Telegram Desktop version 2.0.1 and earlier, update to a version later than 2.0.1. For Telegram for Android version 6.0.1 and earlier, update to a version later than 6.0.1. For Telegram for iOS version 6.0.1 and earlier, update to a version later than 6.0.1. As a temporary workaround, consider avoiding clicking on public URLs or group chat invitation URLs from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Telegram versions through 5.12 for Android **Description** The issue might allow physically proximate attackers to bypass intended restrictions on message reading and message replying when the `Show Popup` feature is enabled. This could be interpreted as a bypass of the passcode feature. **Recommendations** For Telegram versions through 5.12 for Android, consider disabling the `Show Popup` feature as a temporary workaround to minimize the risk of exploitation.