This is the very thorough blog write-up discussing three variants of side-channel attacks that can be leveraged against CPU data cache timing.
9107d6c0e85e587e6d3264885ffff091ea3bdc700da9a36dac144dc15d23913b
Joomla JHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.
eda2c2942ce036c939482b7bfd38874cc49a0e154d455016aa9509a48c0720c6
Red Hat Security Advisory 2018-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
7fe31c9b63d722e2f70ddf68ea2cfca7ad83bce1ee865044491f020f5ebc17de
Red Hat Security Advisory 2018-0008-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
64a18764e1b0e14f21628c73fa8d2b878cd7ba637b38f69fbba000ad5c5d4903
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
60407736f7e1de1519b05fc55add0932a67fcd3d6570595d9a8476a3162c5651
This Metasploit module exploits a command injection vulnerability in Xplico. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user.
651a38434d2ab0908b45d4a1f3933f9debbdefd5170e43cc8c63abccb34a9de0
Red Hat Security Advisory 2018-0011-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
592de4d13efdf05b076cd033a93be8768900663b9339bddce1eaba98644f8629
Red Hat Security Advisory 2018-0009-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
737dece209d165444a4c57151e2eb21f00b587246a9fe688414e0290316e5e05
Red Hat Security Advisory 2018-0010-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.
8d2fdc3492dc5a0f44e0c714f4e730610f5fbd86da886e4335f3b53ed77a643c
Ubuntu Security Notice 3480-3 - USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Various other issues were also addressed.
2ec01f00e48e50750b0daa61d47bd2e2f5a7576bc7e6d70bce03464154d64fc0
Ubuntu Security Notice 3514-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
cc51760beb17c3fed2c181ff2eddf8e76818da3dcbf01741e8ea427ac0aaee05
Kingsoft Antivirus / Internet Security version 9+ suffers from privilege escalation vulnerability.
2e250b3b0eb3e0f3d8d8bcc4d179c394fdd3363bbbe0d305c4aac5274b95fb88
Boost My Campaign version 1.1 suffers from multiple information disclosure vulnerabilities.
c69e9a047b8aa3c59f64690cc5694c3ac6d1b36720c653d0c87f120b8487160e
Atmail version 7.1.1 PRO suffers from a cross site scripting vulnerability.
20360ae54f135d996831ee29a36e3e7909f1def3db6727ad312a367b48621099