QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.
phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.
phpLDAPadmin version 1.2.2 suffers from a server_id LDAP injection vulnerability.
GreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.
phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerability.
This whitepaper is a case study that analyzes the security of modern Bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular Bluetooth wireless keyboards, all available on the Amazon marketplace, for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byone Keyboard, Logitech K480, and Microsoft Designer Bluetooth Desktop (Model 1678, 2017).
Ubuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.
NewMark CMS version 2.1 suffers from a remote SQL injection vulnerability.
LFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.
Orchid Core VMS is vulnerable to a directory traversal attack. This affects both the Linux and Windows versions. It allows a remote, unauthenticated attacker to send crafted GET requests to the application and read arbitrary files outside of the application's web directory. The issue is further compounded on Linux, where the Orchid Core VMS application runs in the context of a user in the sudoers group; as a result, any file on the underlying system whose location is known can be read. This Metasploit module was tested against version 2.0.5. The issue has been fixed in version 2.0.6.
Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.
TP-Link TL-WA850RE suffers from a remote command execution vulnerability.
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
LFCMS version 3.7.0 suffers from an add administrator cross site request forgery vulnerability.
Mirasys DVMS Workstation versions 5.12.6 and below suffer from a path traversal vulnerability.
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.
Opencart versions 3.0.2.0 and below suffer from a google_sitemap remote denial of service vulnerability.
ntp version 4.2.8p11 local buffer overflow proof of concept exploit.
VideoInsight WebClient version 5 suffers from a remote SQL injection vulnerability.
Redis version 5.0 suffers from a denial of service vulnerability.
MaDDash version 2.0.2 suffers from a directory listing disclosure vulnerability.
Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Debian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.
Red Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.
