ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.