Christian Rellmann discovered that RabbitMQ Server did not properly
sanitize user input when adding a new user via the management UI. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32718)
Fahimhusain Raydurg discovered that RabbitMQ Server did not properly
sanitize user input when using the federation management plugin. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32719)
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
It was discovered that Tinyproxy did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to leak
left-over heap data if custom error page templates containing special
non-standard variables are used.