Debian Linux Security Advisory 4179-1 - This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).
e29587414760c63eeb7cf858b2e6b01daa6dc707328f9c69d310f296e1f5a324
Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.
08c5ab2ad5f854437afe7515216244845ac796c7dae4ab83db7966b2c5810898
Red Hat Security Advisory 2018-1224-01 - PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Issues addressed include a bypass vulnerability.
bad710e17201049c5319f02471a51b4c1cb154a5e6001c710ddad4784dd532bf
Allok Video to DVD Burner version 2.6.1217 suffers from a buffer overflow vulnerability.
8901ee721d781e1fd0a856549d7129ba2ac82247d4649a08ad4868f126920ae9
WordPress Woo Import Export plugin version 1.0 suffers from an arbitrary file deletion vulnerability.
415d9978fdf0f28a062fa30021e625eaa7abb1680f6ca29af05bc9eb3d49434d
Easy File Sharing Web Server version 7.2 UserID remote buffer overflow exploit with DEP bypass.
4921ef9c36be40af22b9321dd08429c158a520e6f64cea812a68495053776355
VLC Media Player/Kodi/PopcornTime versions prior to 2.2.5 Red Chimera memory corruption proof of concept exploit.
073a715dedfca9fc8d37477886c92074525cfc2bbaa16ec36747c4c85515e2ac
This paper documents a minor but somewhat easy way to compromise air gapped systems that share a kvm.
6294f7c7ccaeb2b6e4ec63378230b7fa7a831884b254b64da4282f5734847e6c
Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.
70cc9aaccabd73574249df6071fa934b5a0458febf8117a3a9555126bb2a51d1
WSO2 Identity Sever version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
4990846341d76b6fb9e53aeae7fb7c68f1253c3a015c256315cf5ff03976dd38
Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
1df1649f7680fb00e771e7c01cd1480e5c94068d2c416d51b43ef7b2c6a5ba1c
Ubuntu Security Notice 3633-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d3de2ae1cc871a46858dde71234bd3509254083fcd27c016ea8f204362973d8e
Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.
f8553fc2b1fbe9a47e2b4b2ce0f11da61f2c04cd45e5a0719d72c05c601fef36
Ubuntu Security Notice 3631-2 - USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
8c11dde9cfc9285201a93a634d7dc7a7c852023b641bd9ef89d596e787a65db5
Ubuntu Security Notice 3631-1 - It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0f29ea5c7c19aa1c45fa2652f9df2d46bdaad22952487e8f4b2f06d34b2f3331
Ubuntu Security Notice 3630-2 - USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.
da5edcf5fe7d9960c0fc14a80dbcbbe63c373993eb63a21aa1cb6b5209540b01
Ubuntu Security Notice 3630-1 - It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.
841517345a366bff6a67067a64330277230469e84daa8bef61a90d192b4f7a97
74 bytes small Linux/x86 cp /bin/sh /tmp/sh; chmod +s /tmp/sh shellcode.
c0151711757b8e9e9755280b992b9197b1b83e5cafa60a05e7d4e526c3c9d0f1
WordPress UK Cookie Consent plugin version 2.3.9 suffers from a persistent cross site scripting vulnerability.
4525b3db4d8f5559251bd4d6bda7310e49a4a07217daf9542e7dc57871d6a6cf
Wuzhi CMS version 4.1.0 suffers from a cross site request forgery vulnerability.
c86fb6753dd60d9fb1f38c751103511e57cf0d1d9d2f1bf62e0a17d2c8a8bdb5
Gentoo Linux Security Advisory 201804-22 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.117 are affected.
c353629d367b741906fb92bc8f04662831005a826bbcd2a2e00f2f1d4211197f
Ubuntu Security Notice 3629-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
b058dfe15513ee9316cb817d677615050b385f79d3fd61096f81213a82157fc9
MyBB Threads to Link plugin version 1.3 suffers from a cross site scripting vulnerability.
96173d80bddfd3f77cb73fdb4398da9ccbd0be0229284f03a26bf59ac24808e1
Gentoo Linux Security Advisory 201804-21 - A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code. Versions less than 1.2.15 are affected.
c46159ad1b4b4733d6c42107d6759724abe8738e5d3eec6257edcaccea0850de
Red Hat Security Advisory 2018-1200-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.
008a77af21110101f7579caf2f6d8f354605f116ebadf9c11d7e03e0418ba3e6