Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues.
1256fc37bd7798ca0038f9ea2c63351eac1f24df934e86d4c82697a7436ab1e3
Epic Games Launcher version 7.9.4-4058369 suffers from an insecure file permissions vulnerability.
35af3e355a869f4fe36fe821e7896477dc9771a67740fc68f1b82e8653dc2005
Epic Games Fortnite version 4.2-CL-4072250 suffers from an insecure file permissions vulnerability.
82e1a10d5236259fccb3a81757ea9d23ed75cd14df44d99e2f2baf0d3be46b8d
Qualys performed an extensive audit of procps-ng. They discovered hundreds of bugs and vulnerabilities.
6d895899f31fb860118c7f19ea72747036e5eb147127ca183af8defd7ed85eff
Feedy RSS News Ticker version 2.0 suffers from a remote SQL injection vulnerability.
8cf08676d5ed7a336c93d2791ece1db513560228c9cf7ca4c053f947c622fc16
QNAP PhotoStation versions prior to 5.x suffer from a cross site scripting vulnerability.
52812aac543d17d1afa1a4789a77b9d3c4cef54c6a2c6e28c3dcb857dce53824
Debian Linux Security Advisory 4207-1 - Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
62b118d487e09c2247075e70088dbe07c6b76b4fde60cac976ef6049f72d6450
Debian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.
e68fd20d426ce3b9af8dba966514831f2fd6dce2e702836ab9c951452f1788a8
EasyService Billing version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
5e0c599cdc7c6893419a5b4dbfa859bdc71d855ca1c7b03b2de1125a87f17fdc
FTPShell Server version 6.80 local buffer overflow exploit with SafeSEH bypass.
5a9b8d94cdc7bf869d728e88d88191c7eb6ff2150dccc21aad6fd4d4bc4fdc41
Teradek VidiU Pro version 3.0.3 suffers from a stream disclosure vulnerability in snapshot.cgi.
1ec16c77ff64530a16f5ee014a1d612f9f673ff0d860df47d7438147ddb9ecf5
Teradek Slice version 7.3.15 suffers from a stream disclosure vulnerability in snapshot.cgi.
526c66045fa6be523cc8edfa55dcf7233f85933c7c408e5105ac9f7a66500f44
Teradek T-RAX version 7.3.2 suffers from a stream disclosure vulnerability in snapshot.cgi.
69d8a2bfab670f5bce274a6f980f3cf8b6cd28a765740ec72516f1a6fc6cb370
PaulPrinting CMS Printing version 1.0 suffers from a remote SQL injection vulnerability.
42d1956fe499cfd87e3740f5b19397ac6574a273c8af4f314072356c9180a777
Siemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability.
1702461e2f3509bc3cc061c3ff42fe5455c97f574a8755c76dd490aab176cbbf
Teradek Slice version 7.3.15 suffers from a password changing cross site request forgery vulnerability.
9fe24e1a2cc0e89eb5a248f50e361796e26513a7c452b93aaa4937d78c971e0d
Teradek Cube version 7.3.6 suffers from a password changing cross site request forgery vulnerability.
78335d35d86d8f1850259a01ed658fd8b03cc60b1814ca7a7fd3138c40564a2e
NewsBee CMS version 1.4 suffers from a remote SQL injection vulnerability in home-text-edit.php.
c4158a46d7fd0b3c6941b48e20cb79c818fbcd34a48b3a0b38b600c4e1c094aa
Teradek Cube version 7.3.6 suffers from a stream disclosure vulnerability in snapshot.cgi.
88954f646ded8b7e83029b9f42aae86899a385a53ce2d403178347c0cae7ba17
ERPnext version 11.x.x suffers from a cross site scripting vulnerability.
1404a458e609e9aabc984ca6b4e14dcef6d973f1faa805f617a0c6cd220e7621
Siemens SIMATIC S7-1200 suffers from a cross site request forgery vulnerability related to CPU functionality.
8c2e5fb98b7508c36b55a7b3e06dc592c881362ae41570c7b65c00ae8e74bb36
Nordex N149/4.0-4.5 Wind Turbine Web Server suffers from a remote SQL injection vulnerability.
3ed62c4798ef52c9e786e8bf7c7d8bad6f15ef2f24c371b9f9ba0773331447c9
This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however, this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
2c972042e97ba752bad7ba25468c594d74162a227ca514649eb33c75bf60c5e6
ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.
2aac0222aebf2e7413630a3b07065dedd067ddc45d6a86a9fc12a1676428cf5d
Red Hat Security Advisory 2018-1630-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
7e70f12e450e11a411755e67c7bdc3b92d6061f604dfc7dec95f44ae514ce60e