Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.