Hou Jingyi

**Name of the Vulnerable Software and Affected Versions** Lenovo PC Manager versions prior to 2.8.90.11211 **Description** A vulnerability was reported that could allow a local attacker to escalate privileges. **Recommendations** For versions prior to 2.8.90.11211, update to version 2.8.90.11211 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco FXOS Software and Cisco NX-OS Software (affected versions not specified) **Description** A vulnerability in the Cisco Discovery Protocol service could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This is due to improper handling of Cisco Discovery Protocol messages processed by the service. An attacker could exploit this by sending malicious Cisco Discovery Protocol messages to an affected device, potentially causing the service to fail and restart. In rare conditions, repeated failures could cause the entire device to restart. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, according to the provided information, Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. As a temporary workaround, consider disabling the Cisco Discovery Protocol service until a patch is available. Restrict access to the Cisco Discovery Protocol service to minimize the risk of exploitation. Avoid using the Cisco Discovery Protocol until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3 **Description** The issue is related to inadequate access control in Mozilla Firefox, Firefox ESR, and the Thunderbird email client for Mac OS operating systems. It is associated with the handling of .inetloc files, which can run commands on a user's computer due to a flaw in Mac OS. The vulnerability can be exploited by a remote attacker to execute arbitrary code when loading .inetloc files. This issue only affects Mac OS operating systems, with other operating systems being unaffected. **Recommendations** For Firefox versions prior to 94, update to version 94 or later to resolve the issue. For Thunderbird versions prior to 91.3, update to version 91.3 or later to resolve the issue. For Firefox ESR versions prior to 91.3, update to version 91.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Packet Tracer for Windows (affected versions not specified) **Description** A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path on the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow an attacker with normal user privileges to execute arbitrary code on the affected system with the privileges of another user’s account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Lenovo PCManager versions prior to 3.0.500.5102 Description: A DLL search path issue was reported that could allow privilege escalation. Recommendations: For versions prior to 3.0.500.5102, update to version 3.0.500.5102 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 14.6 Apple iOS versions prior to 14.6 Apple iPadOS versions prior to 14.6 Apple macOS versions prior to 11.4 Apple watchOS versions prior to 7.5 Apple macOS Mojave versions prior to Security Update 2021-004 Apple macOS Catalina versions prior to Security Update 2021-003 **Description** The issue is related to an out-of-bounds read in the ImageIO component, which can be exploited by processing a maliciously crafted image, potentially leading to the disclosure of user information. **Recommendations** For tvOS versions prior to 14.6, update to tvOS 14.6 or later. For iOS versions prior to 14.6, update to iOS 14.6 or later. For iPadOS versions prior to 14.6, update to iPadOS 14.6 or later. For macOS Big Sur versions prior to 11.4, update to macOS Big Sur 11.4 or later. For watchOS versions prior to 7.5, update to watchOS 7.5 or later. For macOS Mojave versions prior to Security Update 2021-004, apply Security Update 2021-004 or later. For macOS Catalina versions prior to Security Update 2021-003, apply Security Update 2021-003 or later.

**Name of the Vulnerable Software and Affected Versions** VMware Workstation versions 16.x prior to 16.1.2 Horizon Client for Windows versions 5.x prior to 5.5.2 **Description** The issue is related to an out-of-bounds read vulnerability in the Cortado ThinPrint component, specifically the TTC Parser. This vulnerability can be exploited by a malicious actor with access to a virtual machine or remote desktop, potentially leading to information disclosure from the TPView process. The exploitation may allow a remote attacker to disclose protected information. **Recommendations** For VMware Workstation versions 16.x prior to 16.1.2, update to version 16.1.2 or later. For Horizon Client for Windows versions 5.x prior to 5.5.2, update to version 5.5.2 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 Description: An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted font file may lead to arbitrary code execution. Recommendations: For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later. As a temporary workaround, consider avoiding the use of maliciously crafted font files until a patch is available.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: An out-of-bounds read issue was addressed through improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

**Name of the Vulnerable Software and Affected Versions** Cisco Advanced Malware Protection (AMP) for Endpoints for Windows (affected versions not specified) Cisco Immunet for Windows (affected versions not specified) **Description** A vulnerability in the loading mechanism of specific DLLs could allow an authenticated, local attacker to perform a DLL hijacking attack. The attacker would need valid credentials on the Windows system to exploit this vulnerability, which is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system, allowing the execution of arbitrary code on the targeted system with SYSTEM privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Webex Teams (affected versions not specified) Description: A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The issue exists due to the software's mishandling of character rendering. An attacker could exploit this by sharing a file within the application interface, potentially allowing them to modify how the shared file name displays. This could enable the attacker to conduct phishing or spoofing attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 9.7, 10.1, 10.5, 11.1, and 11.5 **Description** The issue allows a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. **Recommendations** For versions 9.7, 10.1, 10.5, 11.1, and 11.5, consider restricting access to compromised folders to minimize the risk of exploitation. As a temporary workaround, consider implementing additional security measures to prevent the placement of specially crafted files in sensitive directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.3.0 through 1.24.0 Description: The issue is related to insecure privilege management in the MongoDB Compass graphical user interface for the MongoDB database management system. A malicious third-party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user running MongoDB Compass. Recommendations: For MongoDB Compass versions 1.3.0 through 1.24.0, update to version 1.25.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of the user running MongoDB Compass to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.1 macOS Big Sur version 11.0.1 Security Update 2020-001 Catalina Security Update 2020-007 Mojave **Description** An out-of-bounds write issue was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. **Recommendations** For macOS Big Sur versions prior to 11.1, update to macOS Big Sur 11.1. For macOS Big Sur version 11.0.1, update to macOS Big Sur 11.1. For Security Update 2020-001 Catalina, apply Security Update 2020-001 Catalina. For Security Update 2020-007 Mojave, apply Security Update 2020-007 Mojave.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Teams for Windows (affected versions not specified) **Description** The issue is related to errors in handling directory paths, which can be exploited by an attacker to load a malicious library. This can occur when a malicious DLL file is placed in a specific location on the targeted system, allowing the attacker to execute arbitrary code with the privileges of another user's account. The attacker needs valid credentials on the Windows system to exploit this vulnerability. **Recommendations** To resolve the issue, update to a version of Cisco Webex Teams for Windows that correctly handles directory paths at run time. As a temporary workaround, consider restricting access to the directory where the DLL files are loaded to minimize the risk of exploitation. Avoid placing untrusted DLL files in locations where they could be loaded by the vulnerable application.

**Name of the Vulnerable Software and Affected Versions** Bitdefender Engines versions prior to 7.85448 **Description** An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. **Recommendations** For Bitdefender Engines versions prior to 7.85448, update to version 7.85448 or later to resolve the issue. As a temporary workaround, consider restricting file renaming and recovery operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** InstallBuilder for Qt Windows versions prior to 20.7.0 **Description** The issue allows an attacker to potentially execute code with the security scope of the installer by planting a malicious library in a predictable location where the installer looks for plugins at initialization time. This location is writable by non-admin users, and while the plugins are not required, they are loaded if present. **Recommendations** For versions prior to 20.7.0, update to version 20.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell Encryption versions prior to 10.8 Dell Endpoint Security Suite versions prior to 2.8 **Description** The issue is related to a privilege escalation vulnerability due to an incomplete fix. A local malicious user with low privileges could potentially exploit this to gain elevated privilege on the affected system with the help of a symbolic link. **Recommendations** For Dell Encryption versions prior to 10.8, update to version 10.8 or later. For Dell Endpoint Security Suite versions prior to 2.8, update to version 2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client for Mac OS (affected versions not specified) **Description** A vulnerability in the uninstaller component could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The issue is due to the incorrect handling of directory paths. An attacker could exploit this by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file, potentially leading to a denial of service condition if the file is critical to the system. The attacker would need valid credentials on the system to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei PCManager versions prior to 10.0.5.51 **Description** The issue is a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform a specific operation to exploit this vulnerability, potentially obtaining higher privileges. **Recommendations** For versions prior to 10.0.5.51, update to version 10.0.5.51 or later to resolve the issue.