Eric Smith

**Name of the Vulnerable Software and Affected Versions** Drupal OpenID Connect / OAuth client versions prior to 1.5.0 **Description** A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequately validate the uniqueness of user fields, potentially allowing a user to register with an email address already associated with another account. This can lead to data integrity issues when a user signs in for the first time. **Recommendations** Update to version 1.5.0 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Configuration Split de 0.0.0 a 1.9.x Versões do Configuration Split de 2.0.0 a 2.0.1 **Descrição** Uma vulnerabilidade de Falsificação de Solicitação Entre Sites (CSRF) afeta o módulo Configuration Split, permitindo que ações não autorizadas sejam realizadas. Esta vulnerabilidade pode ser explorada para realizar ações em nome de outro usuário sem seu conhecimento ou consentimento. **Recomendações** Para as versões do Configuration Split de 0.0.0 a 1.9.x, atualize para a versão 1.10.0 ou posterior. Para as versões do Configuration Split de 2.0.0 a 2.0.1, atualize para a versão 2.0.2 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS versions prior to 12.3-7-JA2 on Aironet Wireless Access Points (WAP) **Description** The issue allows remote authenticated users to cause a denial of service by sending a large number of spoofed ARP packets to the management interface, which creates a large ARP table and exhausts memory. **Recommendations** For versions prior to 12.3-7-JA2, update to version 12.3-7-JA2 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.