32 Total Results
Displaying 11-20 of 32
Attacker Value
Unknown

CVE-2021-25006

Disclosure Date: March 14, 2022 (last updated February 23, 2025)
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
Attacker Value
Unknown

CVE-2020-5775 — Server-Side Request Forgery in Canvas LMS

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
Attacker Value
Unknown

CVE-2020-8215

Disclosure Date: July 20, 2020 (last updated February 21, 2025)
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
Attacker Value
Unknown

CVE-2020-8788

Disclosure Date: February 07, 2020 (last updated February 21, 2025)
Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report.
Attacker Value
Unknown

CVE-2013-6880

Disclosure Date: November 22, 2019 (last updated November 27, 2024)
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.
Attacker Value
Unknown

CVE-2018-3976

Disclosure Date: February 06, 2019 (last updated November 27, 2024)
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.
Attacker Value
Unknown

CVE-2018-3980

Disclosure Date: February 06, 2019 (last updated November 27, 2024)
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
Attacker Value
Unknown

CVE-2018-3973

Disclosure Date: February 06, 2019 (last updated November 27, 2024)
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
Attacker Value
Unknown

CVE-2018-15004

Disclosure Date: December 28, 2018 (last updated November 27, 2024)
The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an app with a package name of com.yulong.logredirect (versionCode=20160622, versionName=5.25_20160622_01) will start writing the system-wide logcat log, kernel log, and a tcpdump network traffic capture to external storage. Furthermore, on the Coolpad Canvas device, the com.android.phone app writes the destination phone number and body of the text message for outgoing text messages. A notification when logging can be avoided if the log is enabled after device startup and disabled prior…
Attacker Value
Unknown

CVE-2018-3981

Disclosure Date: October 01, 2018 (last updated November 27, 2024)
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.