Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.

Nikto version 2.1.6 suffers from a csv injection vulnerability.

Redatam Web Server prior to version 7 suffer from a directory traversal vulnerability.

Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.

Audiograbber version 1.83 local SEH buffer overflow exploit.

Joomla Jomres component version 9.11.2 suffers from a cross site request forgery vulnerability.

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.

Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

Debian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.

HP Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.

HP Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.

WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.

Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.

Easy Chat Server version 3.1 add user local buffer overflow exploit.

RSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.

Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.