Entropy Moe

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.6.2 **Description** The issue is related to a stack-based out-of-bounds write in the `mpol parse str` function in `mm/mempolicy.c` due to mishandling of an empty nodelist during mount option parsing. This could potentially allow for denial of service or privilege escalation. However, it is noted that the issue can only be triggered by a privileged user and does not grant any additional powers. **Recommendations** For Linux kernel versions through 5.6.2, as a temporary workaround, consider disabling the `mpol parse str` function until a patch is available. Restrict access to mount options to minimize the risk of exploitation. Avoid using empty nodelists in mount option parsing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.5.0 through 3.8.5 Description: The issue arises from the lack of type casting of a variable in a SQL statement, leading to a SQL injection vulnerability in the User Notes list view. Recommendations: For Joomla! versions 3.5.0 through 3.8.5, update to a version that includes the necessary type casting to prevent SQL injection.