The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
An issue was discovered on Samsung mobile devices with P(9.0) software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 (August 2019).