Toshiharu Sugiyama

**Name of the Vulnerable Software and Affected Versions** DBD::PgPP versions 0.05 and earlier **Description** A SQL injection issue has been identified. **Recommendations** For DBD::PgPP versions 0.05 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** jwt-scala versions 1.2.2 and earlier **Description** The issue is related to the incorrect verification of token signatures, potentially allowing an attacker to pass specially crafted JWT data as a correctly signed token. **Recommendations** For jwt-scala versions 1.2.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HTML-Scrubber module versions prior to 0.15 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. When the comment feature is enabled, remote attackers can inject arbitrary web script or HTML via a crafted comment. **Recommendations** For versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, consider disabling the comment feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NAMSHI | JOSE versions 5.0.0 and earlier **Description** The issue allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header. **Recommendations** For versions 5.0.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** F21 JWT versions prior to 2.0 **Description** The issue allows remote attackers to bypass signature verification via crafted tokens. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jigbrowser+ versions 1.8.1 and earlier **Description** The issue allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. **Recommendations** For jigbrowser+ versions 1.8.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DBD::mysqlPP versions 0.04 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For DBD::mysqlPP versions 0.04 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Redmine versions 0.7.2 and earlier Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions 0.7.2 and earlier, update to a version later than 0.7.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 7.0.0 through 7.0.70.0 Adobe Flash Player versions 8.0.0 through 8.0.35.0 Adobe Flash Player versions 9.0.0 through 9.0.48.0 **Description** The issue makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks due to insufficient restriction of the interpretation and usage of cross-domain policy files. **Recommendations** For Adobe Flash Player versions 7.0.0 through 7.0.70.0, update to a version later than 7.0.70.0. For Adobe Flash Player versions 8.0.0 through 8.0.35.0, update to a version later than 8.0.35.0. For Adobe Flash Player versions 9.0.0 through 9.0.48.0, update to a version later than 9.0.48.0.