CWE-862

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the “Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code” screen, edit the problem, and execute Python code. This leads to arbitrary code execution.

DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings.

An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020).