Xbow

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** An out of bounds write in WebAudio allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes data past the end of the intended buffer, which can lead to memory corruption. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Bing Images (affected versions not specified) **Description** Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. The issue involves the potential for remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Bing Images (affected versions not specified) **Description** Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. The issue allows for remote code execution, potentially granting an attacker a SYSTEM shell. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Devices Pricing Program (affected versions not specified) **Description** A remote code execution issue exists in the Microsoft Devices Pricing Program. The issue allows for code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache JSPWiki versions prior to 2.12.3 **Description** A crafted request during header link creation using wiki markup syntax can allow an attacker to execute JavaScript in the victim’s browser, potentially obtaining sensitive information. Further research revealed that the markdown parser also permitted this type of attack. **Recommendations** Upgrade to version 2.12.3 or later.

**Name of the Vulnerable Software and Affected Versions** z-push/z-push-dev versions prior to 2.7.6 **Description** The software is vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the `username` field in basic authentication, potentially allowing access to, and modification or deletion of, sensitive data from a linked third-party database. This issue affects Z-Push installations that utilize the IMAP backend and have the `IMAP FROM SQL QUERY` option configured. **Recommendations** Change configuration to use the default or LDAP in backend/imap/config.php. Set `IMAP DEFAULTFROM` to an empty string: ```php define('IMAP DEFAULTFROM',''); ``` or Set `IMAP DEFAULTFROM` to 'ldap': ```php define('IMAP DEFAULTFROM','ldap'); ```

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks PAN-OS GlobalProtect versions (affected versions not specified) **Description** A reflected cross-site scripting (XSS) flaw exists in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. This allows the execution of malicious JavaScript within the browser of an authenticated user when they click a specially crafted link. The primary risk is phishing attacks that could lead to credential theft, especially if Clientless VPN is enabled. Attackers can create phishing links that appear to originate from the GlobalProtect portal. The vulnerability does not impact the availability of GlobalProtect features or users, nor does it allow attackers to modify the portal or gateway configurations. It is estimated that over 3 million services are potentially affected worldwide. The vulnerability can be exploited by crafting links containing payloads such as `%3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/l9uRav4jue%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E`. Exploitation may lead to session hijacking and credential theft. The endpoint `getconfig.esp` is a potential target for XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Apache Druid and Affected Versions** Apache Druid versions prior to 31.0.2 and prior to 32.0.1 **Description** Apache Druid is susceptible to Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), and Open Redirect issues. When the Druid management proxy is used, a specially crafted URL in a request can redirect the request to an arbitrary server, potentially leading to XSS or Cross-Site Request Forgery (XSRF). Exploitation requires user authentication. The management proxy is enabled by default in Druid configurations. The issue affects all previous versions of Druid. The vulnerability stems from improper neutralization of input during web page generation and an open redirect vulnerability. **Recommendations** Upgrade to Druid version 31.0.2 or 32.0.1 to resolve the issue. As a mitigation, disable the Druid management proxy. Note that disabling the management proxy will affect some web console features, but core functionality will remain operational.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.499 and earlier, LTS 2.492.1 and earlier **Description** The issue allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site. This is because browsers interpret backslash (``) characters as part of scheme-relative redirects, and in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with these characters are considered safe. **Recommendations** For Jenkins versions 2.499 and earlier, update to version 2.500 or later. For Jenkins LTS 2.492.1 and earlier, update to LTS 2.492.2 or later. As a temporary workaround, consider restricting access to URLs starting with backslash (``) characters to minimize the risk of exploitation.