Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.