GHSA-29R8-GVX4-R9W3 Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider...

CVE-2018-12248

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OPENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber...