Frans Rosén

**Name of the Vulnerable Software and Affected Versions** CodeIgniter versions prior to 2.2.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the offset method in the Active Record class. The vulnerability can be exploited via vectors involving the `offset` variable. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the offset method in the Active Record class to minimize the risk of exploitation. Avoid using the `offset` variable in sensitive queries until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 Safari versions prior to 11 iCloud versions prior to 7.0 on Windows **Description** The issue involves the WebKit component and allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. **Recommendations** For iOS versions prior to 11, update to version 11 or later. For Safari versions prior to 11, update to version 11 or later. For iCloud versions prior to 7.0 on Windows, update to version 7.0 or later.

**Name of the Vulnerable Software and Affected Versions** tcpdf versions prior to 6.2.0 **Description** The issue allows tcpdf to upload files from the server generating PDF-files to an external FTP. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ownCloud Server versions prior to 9.0.4 Nextcloud Server versions prior to 9.0.52 **Description** A cross-site scripting (XSS) issue exists in the gallery application of ownCloud and Nextcloud servers, specifically in the share.js file. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. **Recommendations** For ownCloud Server versions prior to 9.0.4, update to version 9.0.4 or later. For Nextcloud Server versions prior to 9.0.52, update to version 9.0.52 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 **Description** The issue is related to the URL parsing implementation, which improperly recognizes escaped characters in hostnames within Location headers. This allows remote attackers to obtain sensitive information via vectors involving a redirect. The exploitation of this issue can enable a remote attacker to access protected information by redirecting the user to another site. **Recommendations** For versions prior to 42.0, update to version 42.0 or later to resolve the issue.