Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.5%.
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.