#web

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice 6317-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.