The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified. This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation.

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.