WSO2 Identity Sever version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.

Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice 3633-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.

Ubuntu Security Notice 3631-2 - USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

Ubuntu Security Notice 3631-1 - It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 3630-2 - USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice 3630-1 - It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.

WordPress UK Cookie Consent plugin version 2.3.9 suffers from a persistent cross site scripting vulnerability.

Wuzhi CMS version 4.1.0 suffers from a cross site request forgery vulnerability.

Gentoo Linux Security Advisory 201804-22 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.117 are affected.

Ubuntu Security Notice 3629-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

MyBB Threads to Link plugin version 1.3 suffers from a cross site scripting vulnerability.

Kaspersky KSN suffers from a remote code execution vulnerability.

Gentoo Linux Security Advisory 201804-21 - A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code. Versions less than 1.2.15 are affected.

Red Hat Security Advisory 2018-1200-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

Red Hat Security Advisory 2018-1199-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

Red Hat Security Advisory 2018-1206-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 181. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2018-1205-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 191. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2018-1201-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 181. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2018-1195-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buffer overflow, bypass, remote shell upload, and use-after-free vulnerabilities.

BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.

WordPress WD Instagram Feed version 1.3.0 suffers from multiple cross site scripting vulnerabilities.

Gentoo Linux Security Advisory 201804-20 - Multiple vulnerabilities have been found in unADF that may allow a remote attacker to execute arbitrary code. Versions less than 0.7.12-r1 are affected.