Elazar Broad

**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client versions prior to 2.5.3041 Cisco AnyConnect Secure Mobility Client versions 3.0.x prior to 3.0.629 **Description** The issue allows remote attackers to execute arbitrary code via the `url` property to a Java applet. This is due to the helper application in Cisco AnyConnect Secure Mobility Client downloading a client executable file (`vpndownloader.exe`) without verifying its authenticity. **Recommendations** For versions prior to 2.5.3041, update to version 2.5.3041 or later. For versions 3.0.x prior to 3.0.629, update to version 3.0.629 or later.

**Name of the Vulnerable Software and Affected Versions** ComponentOne FlexGrid version 7.1 Light **Description** The issue is related to multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control. This can be exploited by remote attackers who send a long string in the `Text`, `EditSelText`, `EditText`, and `CellFontName` property values, potentially leading to a denial of service and possibly the execution of arbitrary code. **Recommendations** For ComponentOne FlexGrid version 7.1 Light, consider disabling the VSFlexGrid.VSFlexGridL ActiveX control until a patch is available to prevent potential exploitation. Avoid using long strings in the `Text`, `EditSelText`, `EditText`, and `CellFontName` property values to minimize the risk of triggering the buffer overflows.