Advisories

The Optimizely admin interface was vulnerable to DOM-based cross-site scripting (XSS), which could allow an attacker to execute malicious Javascript code in a legitimate user's browser. 

WithSecure researchers have discovered a vulnerability in Single App Mode on iOS devices that could potentially allow an attacker to bypass the feature's restrictions and gain unauthorised access to the device. 

Finnish Digital and Population Data Services Agency (DVV) provides a Card Reader Software which can be used for strong authentication and digital signing with the DVV issued identity cards. The Fujitsu mPollux DigiSign application communicates with the identity card and allows log in to official e-services and/or digitally sign documents. The Fujitsu mPollux DigiSign Client for macOS version 4.2.4c-8322 and previous contains two security vulnerabilities that in the worst-case scenario can lead to full system compromise. 

LTE (4G) Modems and Routers from ZTE contained an SQL Injection vulnerability in the SMS functionality. 

The Synology Router Manager (SRM) web portal contains a DOM based reflected XSS vulnerability. The SRM web portal is used by multiple Synology routers. The vulnerability allows a malicious user to run JavaScript code in the context of the victim's browser, if the victim clicks a crafted URL.