Yuriy Dyachenko

**Name of the Vulnerable Software and Affected Versions** Grafana versions 6.4.3 and earlier **Description** The issue allows an authenticated attacker with privileges to modify data source configurations to read arbitrary files. This can be exploited by an attacker who has the necessary permissions to access and modify the data source configurations. **Recommendations** For Grafana versions 6.4.3 and earlier, update to a version later than 6.4.3 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.5 through 3.5.9 Moodle versions 3.6 through 3.6.7 Moodle versions 3.7 through 3.7.3 **Description** A reflected XSS is possible from some fatal error messages. This issue affects various versions of Moodle, allowing for potential exploitation through specific error messages. **Recommendations** For Moodle versions 3.5 through 3.5.9, update to version 3.5.9 or later to resolve the issue. For Moodle versions 3.6 through 3.6.7, update to version 3.6.7 or later to resolve the issue. For Moodle versions 3.7 through 3.7.3, update to version 3.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zend Framework versions 2.2.x through 2.2.8 Zend Framework versions 2.3.x through 2.3.3 **Description** The issue allows remote attackers to create valid sessions without using session validators, potentially leading to unauthorized access. **Recommendations** For versions 2.2.x through 2.2.8, update to version 2.2.9 or later. For versions 2.3.x through 2.3.3, update to version 2.3.4 or later.