Weekly Vulnerabilities Reports > August 23 to 29, 2021

Cachet is an open source status page system.

Cachet is an open source status page system.

Cachet is an open source status page system.

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device.

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system.

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path.

A type confusion issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A logic issue was addressed with improved validation.

A use after free issue was addressed with improved memory management.

A use after free issue was addressed with improved memory management.

An out-of-bounds read was addressed with improved bounds checking.

A memory corruption vulnerability was addressed with improved locking.

A type confusion issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A use after free issue was addressed with improved memory management.

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution.

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.

XStream is a simple library to serialize objects to XML and back again.

The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue.

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page

Certain NetModule devices allow credentials via GET parameters to CLI-PHP.

This affects the package object-path before 0.11.6.

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition.

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped.

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved state management.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

XStream is a simple library to serialize objects to XML and back again.

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures.

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash.

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

A buffer overflow issue was addressed with improved memory handling.

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.

An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17.

An out-of-bounds read was addressed with improved input validation.

Multiple out-of-bounds write issues were addressed with improved bounds checking.

A memory corruption issue was addressed with improved input validation.

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

A use after free issue was addressed with improved memory management.

A memory corruption vulnerability was addressed with improved locking.

An out-of-bounds read was addressed with improved bounds checking.

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

This issue was addressed with improved checks.

A memory corruption issue was addressed with improved state management.

An integer overflow was addressed with improved input validation.

A type confusion issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

An out-of-bounds read was addressed with improved input validation.

A path handling issue was addressed with improved validation.

An out-of-bounds write issue was addressed with improved bounds checking.

A buffer overflow was addressed with improved bounds checking.

A buffer overflow issue was addressed with improved memory handling.

A use after free issue was addressed with improved memory management.

A buffer overflow was addressed with improved bounds checking.

A buffer overflow issue was addressed with improved memory handling.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

A type confusion issue was addressed with improved state handling.

An out-of-bounds read was addressed with improved input validation.

A logic issue was addressed with improved state management.

An input validation issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved memory handling.

A use after free issue was addressed with improved memory management.

A memory corruption issue was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

Multiple out-of-bounds write issues were addressed with improved bounds checking.

A use after free issue was addressed with improved memory management.

This issue was addressed with improved checks.

This issue was addressed with improved checks.

An integer overflow was addressed through improved input validation.

A memory corruption issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved memory handling.

A memory corruption issue existed in the processing of ICC profiles.

An out-of-bounds write was addressed with improved input validation.

A type confusion issue was addressed with improved state handling.

An integer overflow was addressed with improved input validation.

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file.

This issue was addressed with improved checks.

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.

Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format.

The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.

OpenZepplin is a library for smart contract development.

OpenZepplin is a library for smart contract development.

Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input.

Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.

thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free.

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters.

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures.

A S/MIME issue existed in the handling of encrypted email.

Description: A logic issue was addressed with improved state management.

A deserialization issue was addressed through improved validation.

A denial of service issue was addressed with improved state handling.

A logic issue was addressed with improved state management.

A race condition was addressed with improved state handling.

An authorization issue was addressed with improved state management.

A logic issue was addressed with improved validation.

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function.

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.

This affects all versions of package mootools.

This affects the package pac-resolver before 5.0.0.

A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0.

An information leakage issue was addressed.

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges.

A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system.

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613).

A race condition was addressed with improved state handling.

A race condition was addressed with improved locking.

A race condition was addressed with improved locking.

A race condition was addressed with improved state handling.

A race condition was addressed with improved state handling.

A race condition was addressed with improved state handling.

A race condition was addressed with improved locking.

A race condition was addressed with improved locking.

A race condition was addressed with improved state handling.

Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.

Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.

Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c.

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered.

ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.

ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.

Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.

Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1.

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files.

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files.

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files.

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.

This issue was addressed by improving Face ID anti-spoofing models.

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability.

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability.

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability.

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability.

Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file.

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability.

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability.

ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_read function in ok_csv.c.

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org.

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM.

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser.

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them.

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device.

OpenMage magento-lts is an alternative to the Magento CE official releases.

A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection.

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php.

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.

SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter.

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application.

An access issue was addressed with improved access restrictions.

An issue existed in the specification for the resource timing API.

A logic issue was addressed with improved state management.

A user privacy issue was addressed by removing the broadcast MAC address.

A logic issue existed in the handling of document loads.

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery.

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue

The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue.

The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports.

An issue was discovered in Joomla! 4.0.0.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

XStream is a simple library to serialize objects to XML and back again.

Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

A validation issue was addressed with improved input sanitization.

A logic issue was addressed with improved state management.

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

A race condition was addressed with improved locking.

An issue was discovered in Mbed TLS before 2.24.0.

octobercms in a CMS platform based on the Laravel PHP Framework.

An improper sanitization of input vulnerability in B.

Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file.

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains.

Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status

There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5.

An out-of-bounds read was addressed with improved bounds checking.

Description: A logic issue was addressed with improved state management.

A memory initialization issue was addressed with improved memory handling.

Description: A permissions issue was addressed with improved validation.

Description: A permissions issue was addressed with improved validation.

An access issue was addressed with additional sandbox restrictions on third party applications.

A logic issue was addressed with improved state management.

This issue was addressed with improved checks.

An out-of-bounds write issue was addressed with improved bounds checking.

A logic issue was addressed with improved validation.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A logic issue was addressed with improved restrictions.

An access issue was addressed with additional sandbox restrictions.

A logic issue was addressed with improved state management.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

An inherited permissions issue was addressed with additional restrictions.

Description: A permissions issue was addressed with improved validation.

A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

A logic issue was addressed with improved state management.

An out-of-bounds read was addressed with improved input validation.

A logic issue was addressed with improved state management.

A device configuration issue was addressed with an updated configuration.

An access issue was addressed with improved access restrictions.

Description: A permissions issue was addressed with improved validation.

A logic issue was addressed with improved validation.

This issue was addressed with improved handling of file metadata.

This issue was addressed with improved checks.

A validation issue existed in the handling of symlinks.

A logic issue was addressed with improved state management.

The issue was addressed with improved authentication.

This issue was addressed with a new entitlement.

An inherited permissions issue was addressed with additional restrictions.

A logic issue was addressed with improved restrictions.

A logic issue was addressed with improved restrictions.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

The issue was addressed with improved permissions logic.

The issue was addressed with improved permissions logic.

A permissions issue was addressed with improved validation.

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system.

The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and like_button_size parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2.

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition.

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device.

A S/MIME issue existed in the handling of encrypted email.

A sync issue was addressed with improved state validation.

A logic issue was addressed with improved state management.

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library.

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

Cachet is an open source status page.

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.

A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0.

The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.

A Missing Authentication for Critical Function vulnerability in B.

A Cleartext Transmission of Sensitive Information vulnerability in B.

An Unrestricted Upload of File with Dangerous Type vulnerability in B.

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures.

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures.

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures.

EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter.

detect-character-encoding is an open source character encoding inspection library.

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by an Improper Authorization vulnerability allowing users to create nodes under a location.

go-ethereum is the official Go implementation of the Ethereum protocol.

In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.

All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.

All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.

D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.

A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.

A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash.

Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only

There is a denial of service vulnerability in some huawei products.

There is a denial of service vulnerability in Huawei products.

There is a logic vulnerability in Elf-G10HN 1.0.0.608.

IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices.

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity.

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen.

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service.

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature.

An issue was discovered in PrimeKey EJBCA before 7.6.0.

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them.

The issue was resolved with additional restrictions on CSS compositing.

The issue was addressed with improved permissions logic.

An inconsistent user interface issue was addressed with improved state management.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system.

Zoho ManageEngine Log360 before Build 5225 allows stored XSS.

Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.

Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker.

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'.

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'.

Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'.

Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'.

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.

A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload.

Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.

Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.

Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.

Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'.

Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'.

An issue in the handling of group membership was resolved with improved logic.

The issue was addressed with improved permissions logic.

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file.

Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file.

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file.

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'.

The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading a Stored XSS issue.

Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint.

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.

Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group.

Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics

Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.

An issue was discovered in PrimeKey EJBCA before 7.6.0.

A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server.

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files.

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction.

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.

Misskey is a decentralized microblogging platform.

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0.

Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create.

Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.

Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application.

Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php.

Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is via the mes_title field.

Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha.

A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML.

Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu.

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application.

baserCMS is an open source content management system with a focus on Japanese language support.

An issue was discovered in PrimeKey EJBCA before 7.6.0.

Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend

The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to Authenticated Stored XSS in the separator field.

The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)

An access issue was addressed with improved access restrictions.

A permissions issue was addressed with improved validation.

A lock screen issue allowed access to contacts on a locked device.

An authentication issue was addressed with improved state management.

A lock screen issue allowed access to contacts on a locked device.

A logic issue was addressed with improved state management.

A Lock Screen issue was addressed with improved state management.

Discourse is an open source platform for community discussion.

An issue was discovered in PrimeKey EJBCA before 7.6.0.