Autor: Peter Leibling

Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente „cloud-init“ ausnutzen, um Informationen offenzulegen.

Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Mitel SIP Phone ausnutzen, um beliebigen Code auszuführen.

In the CVE header, added the overall Severity and Impact information. This is an informational change only.

Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/74](https://github.com/PowerShell/Announcements/issues/74) for more information.

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/73](https://github.com/PowerShell/Announcements/issues/73) for more information.

In the Security Updates table, corrected the Impact to Security Feature Bypass. This is an informational change only.

Updated information to include CVSS scores. This is an informational change only.

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Informationen auszuspähen.