Moxa MX-AOPC UA server version 1.5 suffers from an XML external entity injection vulnerability.
While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.
Moxa MXview version 2.8 suffers from a denial of service vulnerability.
CodeIgniter version 3.1.3 suffers from an HTTP response header injection vulnerability.
WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross-site scripting vulnerabilities.
The refactoring of the HTTP connectors for 8.5.x onwards introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests, which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.
Jobscript4Web version 4.5 suffers from a remote SQL injection vulnerability that can be leveraged for authentication bypass.
Moxa MXview version 2.8 suffers from a remote private key disclosure vulnerability.
LastPass allows global properties to be modified across isolated worlds, allowing for remote code execution.
Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout.
The MacOS/iOS kernel suffers from a double free due to bad locking in the fsevents device.
MacOS suffers from a kernel memory corruption due to an off-by-one in audit_pipe_open.
The MacOS/iOS kernel suffers from a heap overflow in bpf.
WebKit suffers from a cross-site scripting vulnerability via a synchronous page load.
WebKit suffers from a cross-site scripting vulnerability via a focus event and a link element.
The MacOS/iOS kernel suffers from a use-after-free vulnerability due to bad locking in necp_open.
WebKit suffers from a use-after-free vulnerability in WebCore::toJS.