Lus Miguel Ferreira Da Silva

Name of the Vulnerable Software and Affected Versions: TORQUE Resource Manager versions 2.0.0p8 and earlier Description: The issue allows local users to create arbitrary files via a symlink attack on job output files in /usr/spool/PBS/spool and possibly job files in /usr/spool/PBS/mom priv/jobs. This is due to a flaw in the resmom/start exec.c component of pbs mom in TORQUE Resource Manager. Recommendations: For versions 2.0.0p8 and earlier, consider restricting access to the /usr/spool/PBS/spool and /usr/spool/PBS/mom priv/jobs directories to minimize the risk of exploitation. As a temporary workaround, monitor these directories closely for any suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Client Security Password Manager (affected versions not specified) **Description** The issue allows remote attackers to obtain username and password credentials by changing the title of an HTML page, as the password manager stores and distributes saved passwords based on the title of a website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.