Robert Scott

**Name of the Vulnerable Software and Affected Versions** bsdiff4 versions prior to 1.2.0 **Description** A buffer overflow in the patching routine allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client for Linux (affected versions not specified) **Description** A vulnerability in the HostScan component could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The issue exists due to improper bounds checks, allowing an attacker to exploit it by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. The vulnerability is related to a buffer overflow in memory, which can be exploited using specially crafted HTTP traffic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.