A cross site scripting vulnerability has been discovered in the AIR5750 modem of the AirTies manufacturer. AirTies Air 5750 devices have XSS via the top.html productboardtype parameter.
>> ARCHIVE: 2018-09
gVisor reuses pagetables across levels without paging-structure invalidation.
WordPress Breadcrumb NavXT plugin version 6.1.0 suffers from a username disclosure vulnerability.
WordPress WebARX Website Firewall plugin version 4.9.8 suffers from bypass and cross site scripting vulnerabilities.
Microsoft Edge suffers from a sandbox escape vulnerability.
iWay Data Quality Suite Web Console version 10.6.1.ga suffers from an XML external entity injection vulnerability.
ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.
Rausoft ID.prove version 2.95 suffers from a remote SQL injection vulnerability.
PCProtect 4 version 8.35 suffers from a weak file permission privilege escalation vulnerability.
AppArmor has an issue where filesystem blacklisting can be bypassed by moving parents.