Rui Yang

Name of the Vulnerable Software and Affected Versions: fblog versions through 983bede Description: The issue allows account takeover via the password reset feature because the `SERVER NAME` is not configured, causing the reset to depend on the `Host` HTTP header. Recommendations: For versions through 983bede, configure the `SERVER NAME` to prevent the password reset feature from relying on the `Host` HTTP header. As a temporary workaround, consider restricting access to the password reset feature until the `SERVER NAME` is properly configured.

Name of the Vulnerable Software and Affected Versions: Hashview version 0.8.1 Description: The issue allows for account takeover via the password reset feature. This is because the `SERVER NAME` is not configured, causing the password reset to depend on the `Host` HTTP header. Recommendations: For Hashview version 0.8.1, configure the `SERVER NAME` to prevent the password reset feature from relying on the `Host` HTTP header. As a temporary workaround, consider restricting access to the password reset feature until the `SERVER NAME` is properly configured.

Name of the Vulnerable Software and Affected Versions: flask-boilerplate versions through a170e7c Description: The issue allows account takeover via the password reset feature. This is because the `SERVER NAME` is not configured, and thus the password reset depends on the `Host` HTTP header. Recommendations: For versions through a170e7c, configure the `SERVER NAME` to prevent the password reset feature from depending on the `Host` HTTP header. As a temporary workaround, consider restricting access to the password reset feature until the `SERVER NAME` is properly configured.

Name of the Vulnerable Software and Affected Versions: JobCenter versions through 7e7b0b2 Description: The issue allows for account takeover via the password reset feature. This is because the `SERVER NAME` is not configured, causing the password reset to depend on the `Host` HTTP header. Recommendations: For versions through 7e7b0b2, configure the `SERVER NAME` to prevent the password reset feature from relying on the `Host` HTTP header. As a temporary workaround, consider restricting access to the password reset feature until the `SERVER NAME` is properly configured.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.6.1 macOS Monterey versions prior to 12.0.1 iOS versions prior to 15.1 iPadOS versions prior to 15.1 macOS Catalina versions without Security Update 2021-007 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS Big Sur versions prior to 11.6.1, update to version 11.6.1 or later. For macOS Monterey versions prior to 12.0.1, update to version 12.0.1 or later. For iOS versions prior to 15.1, update to version 15.1 or later. For iPadOS versions prior to 15.1, update to version 15.1 or later. For macOS Catalina, apply Security Update 2021-007.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.