In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) …

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.

Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.