It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users’ sessions.
WordPress 4.9.4 - DoS vulnerability from 4.9.228/02/2018
8 months ago.
#Op Black Friday23/11/2018
9 days to go.