Parity versions 1.6.10 (stable) and below suffer from a same origin policy bypass vulnerability via a webproxy token reuse issue.
cbddfe13da39782b4f2a55b0f67f4f553e193db2a3a9f6177092af6bbd8ca0e4
beVX! has announced its call for papers. It will take place September 20th through the 21st, 2018 in Hong Kong.
bec537f06a7424b170bd86c02dc04456f73a802ff1e9996a480384813b13b111
Sangoma NetBorder / Vega Session Controller versions prior to 2.3.12-80-GA allow remote unauthenticated attackers to execute arbitrary commands via the web interface.
23b396713d3f48935304fe0c1474d19546d2999488112fed51d423e48f2e36ba
Tempest Security Intelligence ADV-12/2018 - A buffer overflow in Handy Password version 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
db96f47d41838f40dfa6cda2444fb26a4a9d7ba6c7446485d9dce39966d6cd9b
WordPress Download Manager plugin version 2.9.60 suffers from a cross site request forgery vulnerability.
4ce02012a6774d62185b5146047e6e9eededc9dd500bb9ee967db1472a6520b7
Ubuntu Security Notice 3526-1 - It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.
b7922c4a9c676f88b0fe0cc2f64efa4fa7aa679e609d7ddd641dc4c26ac2454a
Ubuntu Security Notice 3525-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.
6df80ee083282a9b59ef3b2427c3ebf021045160375212d96571d8fbc9d776a4
Ubuntu Security Notice 3524-2 - USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
ca0ab7e170b499669e6ab21c6335229631f0f00144a96ee60e278ff4af08ab61
HPE Security Bulletin HPESBHF03805 4 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 4 of this advisory.
ac94c929c6e22558b91eb5ae898ace99f9e34456a07421d2c7647bf7ff3519cd
The Nuit Du Hack Call For Papers for 2018 has been announced. It will be held June 30th through July 1st, 2018 in Paris, France.
d7b29ca6ca10b8a3fe67770743a67b5dfb997969cc320f56bc496b969042bed3
DiskBoss Enterprise version 8.8.16 suffers from a buffer overflow vulnerability.
e914c2a3688425307771b9bceec2610fdfa9980984dec67d4da419843b118793
WordPress Service Finder Booking plugin versions prior to 3.2 suffer from a file disclosure vulnerability.
2f783b7627e401cd58c5d554ccc0889ab631b7fba1ee89ee6e4be091445d8f69
Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.
f3c654241f72f6831aeb0f59add58d0444e58c9b772cb063afceb130c32cf237
WordPress Events Calendar plugin version 1.0 suffers from a remote SQL injection vulnerability.
075d02d328e0f3d7b1838fb18cd6e352f701cfc53d7a11cf0650fcdbfa6973ad
Muviko version 1.1 suffers from a remote SQL injection vulnerability.
8b1b612d8b14afe0aee6280bb49e03b74dda09f091420e19d3aaa5181780ac6d
WebKitGTK+ versions before 2.18.5 suffer from various CPU issues. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis.
43c0fb7f7af52d9932f66c052acb43b9fd23bbf87445e293c5c55aeb7464f02c
Microsoft Edge Chakra JIT suffers from a missing integer overflow check in Lowerer::LowerSetConcatStrMultiItem.
228fb8eccde76bcdb76fa5519ebb01ea7dcc1657dfc57e85ceb5485b7c3cfc13
53 bytes small Linux/x86 execve(/bin/sh) polymorphic shellcode.
efb10e1d3784559bfe33bd989b5dc61d8435daba2c91da1483c13af2d0e9765b
Polygonize PC version 1.1 suffers from a remote command execution vulnerability.
bc7b18c1d116b956ac3140448604dbacfb3b5fd10e968f8c0ab543e1357466b6