Vishal Mishra

**Name of the Vulnerable Software and Affected Versions** Microsoft.Data.SqlClient and System.Data.SqlClient (affected versions not specified) **Description** A security-feature bypass vulnerability in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider allows attackers to affect the system. This issue is related to errors in security settings, which can be exploited by a remote attacker to bypass security restrictions and implement a man-in-the-middle attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET, .NET Framework, and Visual Studio versions prior to the fixed version **Description** A security-feature bypass issue affects .NET, .NET Framework, and Visual Studio, allowing remote attackers to bypass existing security restrictions. This issue is related to errors in security settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RemObjects Remoting SDK for Delphi version 9 1.0.0.0 **Description** The issue allows for a reflected Cross Site Scripting (XSS) attack. This is achieved via the `service` parameter to the "/soap" URI, which triggers an invalid attempt to generate WSDL. **Recommendations** For version 9 1.0.0.0, consider restricting access to the "/soap" URI to minimize the risk of exploitation. As a temporary workaround, avoid using the `service` parameter in the affected API endpoint until the issue is resolved.