Marcus

**Name of the Vulnerable Software and Affected Versions** WP FullCalendar versions through 1.6 **Description** The WP FullCalendar software contains a missing authorization flaw. This allows exploitation of incorrectly configured access control security levels. No information is available regarding the number of potentially affected devices or any real-world incidents where this issue was exploited. **Recommendations** Update WP FullCalendar to a version later than 1.6.

**Name of the Vulnerable Software and Affected Versions** WP FullCalendar versions through 1.6 **Description** A flaw exists in WP FullCalendar that allows the retrieval of embedded sensitive data. This issue potentially exposes sensitive system information to unauthorized access. **Recommendations** Update WP FullCalendar to a version later than 1.6.

**Name of the Vulnerable Software and Affected Versions** openSUSE Open Build Service versions prior to 2.9.3 **Description** A missing permission check in the review handling of openSUSE Open Build Service allowed all authenticated users to modify sources in projects where they do not have write permissions. **Recommendations** For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue.