C0D3G33K

Name of the Vulnerable Software and Affected Versions: Rocket.Chat desktop application version 2.17.11 Description: The issue concerns the Rocket.Chat desktop application, which opens external links without requiring user interaction. Recommendations: For Rocket.Chat desktop application version 2.17.11, consider disabling the automatic opening of external links as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.2 iOS versions prior to 13.6 iPadOS versions prior to 13.6 **Description** A logic issue was addressed with improved restrictions. A malicious attacker may cause Safari to suggest a password for the wrong domain. **Recommendations** For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later. For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 Safari versions prior to 13.1.2 **Description** A logic issue was addressed with improved restrictions. The issue may allow a remote attacker to bypass the Same Origin Policy in Safari Reader mode. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.2 **Description** A logic issue was addressed with improved restrictions. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. **Recommendations** For versions prior to 13.1.2, update to Safari 13.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.4 iPadOS versions prior to 13.4 **Description** The issue allows a user to potentially grant website permissions to a site they did not intend to. This occurs due to a problem with website permission prompts after navigation. **Recommendations** For iOS versions prior to 13.4, update to iOS 13.4 or later to resolve the issue. For iPadOS versions prior to 13.4, update to iPadOS 13.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.5 **Description** The issue is related to an inconsistent user interface that could be exploited by visiting a malicious website, potentially leading to address bar spoofing. **Recommendations** For versions prior to 13.0.5, update to Safari 13.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS versions prior to 3.0.5 **Description** The issue concerns a problem with the title function in the pages.plugin.php file within the plugins/box/pages directory. This problem allows for XSS attacks when a page title is sent to admin/index.php. **Recommendations** For Monstra CMS versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue.