Davide Cioccia

**Name of the Vulnerable Software and Affected Versions** IBM Workload Scheduler Distributed versions 9.2 through 9.5 **Description** The issue allows a local user to write files as root in the file system, potentially enabling the attacker to gain root privileges. **Recommendations** For versions 9.2 through 9.5, update to a version that contains a fix for this issue to prevent local users from writing files as root and gaining elevated privileges.

**Name of the Vulnerable Software and Affected Versions** QNAP Systems Inc. QTS versions prior to 4.2.6 on build 20180711 QNAP Systems Inc. QTS versions prior to 4.3.3 on build 20180725 QNAP Systems Inc. QTS versions prior to 4.3.4 on build 20180710 **Description** A Cross-site Scripting (XSS) issue allows attackers to inject javascript, affecting QNAP Systems Inc. QTS. **Recommendations** For QNAP Systems Inc. QTS versions prior to 4.2.6 on build 20180711, update to a version newer than 4.2.6. For QNAP Systems Inc. QTS versions prior to 4.3.3 on build 20180725, update to a version newer than 4.3.3. For QNAP Systems Inc. QTS versions prior to 4.3.4 on build 20180710, update to a version newer than 4.3.4.