Attacker Value
Very High
CVE-2022-41800
Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Low
CVE-2020-3566 - Denial of service vulnerability in Cisco IOS XR
Disclosure Date: August 29, 2020 (last updated July 27, 2024)
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
Attacker Value
Very High
Multiple vulnerabilities in HPE Intelligent Management Center (IMC) before E070…
Last updated October 29, 2020
Security vulnerabilities in HPE Intelligent Management Center (IMC) PLAT prior to 7.3 (E0705P07) could allow remote code execution.
Attacker Value
Unknown
CVE-2022-3602
Disclosure Date: November 01, 2022 (last updated December 22, 2024)
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to u…
Attacker Value
Unknown
CVE-2022-28219
Disclosure Date: April 05, 2022 (last updated November 29, 2024)
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Attacker Value
Very High
CVE-2020-3430
Disclosure Date: September 04, 2020 (last updated November 08, 2023)
A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.
Attacker Value
Unknown
Multiple vulnerabilities in Citrix XenMobile Server
Last updated August 13, 2020
Multiple vulnerabilities were discovered in Citrix Endpoint Management (CEM) on-premise instances, also referred to as XenMobile Server. The following CVEs are part of the [CTX277457](https://support.citrix.com/article/CTX277457) security bulletin: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Of these, CVEs 2020-8208 and 2020-8209 are considered critical. Details on CVE-2020-8209 are [available from Positive Technologies here](https://www.ptsecurity.com/ww-en/about/news/citrix-fixes-xenmobile-vulnerability-found-by-positive-technologies/).