9532, 2591 Security Vulnerabilities

nvd

CVE-2019-2591

Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS

5.3AI Score

0.001EPSS

2019-04-23 07:32 PM
1
cve

CVE-2019-2591

Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS

5.5AI Score

0.001EPSS

2019-04-23 07:32 PM
19
prion

Code injection

Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS

5.6AI Score

0.001EPSS

2019-04-23 07:32 PM
2
cvelist

CVE-2019-2591

Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

5.7AI Score

0.001EPSS

2019-04-23 06:16 PM
oracle

Oracle Critical Patch Update Advisory - April 2019

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories.....

9.9CVSS

7.7AI Score

0.976EPSS

2019-04-16 12:00 AM
68
veracode

Denial Of Service (DoS)

rh-mysql57-mysql is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily...

7.5CVSS

6.6AI Score

0.004EPSS

2019-01-15 09:20 AM
8
cve

CVE-2018-9532

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

8.8CVSS

9AI Score

0.001EPSS

2018-11-14 06:29 PM
19
prion

Out-of-bounds

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

8.8CVSS

8.6AI Score

0.001EPSS

2018-11-14 06:29 PM
nvd

CVE-2018-9532

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

8.8CVSS

9.1AI Score

0.001EPSS

2018-11-14 06:29 PM
cvelist

CVE-2018-9532

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

8.8AI Score

0.001EPSS

2018-11-14 06:00 PM
openvas

openSUSE: Security Advisory for zutils (openSUSE-SU-2018:2591-1)

The remote host is missing an update for...

7.8CVSS

7.7AI Score

0.002EPSS

2018-09-04 12:00 AM
7
suse

Security update for zutils (moderate)

This update for zutils to version 1.7 fixes one security issue: CVE-2018-1000637: buffer overrun in zcat utility (boo#1103878) Please note that the zutils zcat utility is distinct from the default gzip zcat...

3.1AI Score

0.002EPSS

2018-09-03 03:09 PM
53
veracode

Reusable NTLM Connections

libcurl.so is vulnerable to reusable NTLM connections. The vulnerability exists due to the improper checks of the NTLM state when checking if a connection exists, allowing reusable NTLM...

8.3AI Score

0.009EPSS

2018-08-13 03:10 AM
13
veracode

Information Disclosure

libcurl.so is vulnerable to information disclosure. HTTP headers are sent to both proxy and destination servers. This can lead to confidential information such as basic authorization headers containing user credentials being exposed to remote proxy...

8.8AI Score

0.004EPSS

2018-08-13 02:40 AM
9
nessus

EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2018-1190)

According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to...

7.5CVSS

-0.2AI Score

0.037EPSS

2018-07-03 12:00 AM
12
nessus

EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2018-1165)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have...

9.8CVSS

1.2AI Score

0.019EPSS

2018-06-28 12:00 AM
12
veracode

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a tif file to the writeBufferToSeparateStrips function in tiffcrop.c to cause an out-of-bounds read that can crash the...

5.5CVSS

6.8AI Score

0.009EPSS

2018-05-24 04:15 AM
8
veracode

Authentication Bypass

libcurl.so is vulnerable to authentication bypass. The library does not properly close Negotiate connections, allowing a malicious user to impersonate other users with a...

8.5AI Score

0.005EPSS

2018-05-16 08:57 AM
5
nvd

CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

7.5CVSS

5.9AI Score

0.002EPSS

2018-04-30 12:29 PM
cve

CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

7.5CVSS

7.5AI Score

0.002EPSS

2018-04-30 12:29 PM
36
debiancve

CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

7.5CVSS

7.6AI Score

0.002EPSS

2018-04-30 12:29 PM
8
prion

Design/Logic Flaw

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

7.5CVSS

7.6AI Score

0.002EPSS

2018-04-30 12:29 PM
5
cvelist

CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

3.7CVSS

7.7AI Score

0.002EPSS

2018-04-30 12:00 PM
ubuntucve

CVE-2017-2591

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....

7.5CVSS

7.4AI Score

0.002EPSS

2018-04-30 12:00 AM
8
openbugbounty

polatkan.com XSS vulnerability

Open Bug Bounty ID: OBB-599229 Description| Value ---|--- Affected Website:| polatkan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

0.1AI Score

2018-04-08 08:50 PM
16
redhat

(RHSA-2018:0587) Important: rh-mysql56-mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.39). (BZ#1533831) Security Fix(es): mysql: sha256_password...

7.7AI Score

0.006EPSS

2018-03-26 09:15 AM
20
msupdate

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011688)

A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that...

7.2AI Score

2018-03-13 05:00 PM
3
gentoo

MySQL: Multiple vulnerabilities

Background A fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code without authentication or cause a partial denial...

7.7CVSS

8.5AI Score

0.957EPSS

2018-02-20 12:00 AM
75
nessus

GLSA-201802-04 : MySQL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without...

7.7CVSS

8.3AI Score

0.957EPSS

2018-02-20 12:00 AM
25
f5

K24715544 : MySQL vulnerabilities CVE-2018-2591, CVE-2018-2600, CVE-2018-2612, CVE-2018-2622, and CVE-2018-2640

Security Advisory Description CVE-2018-2591 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with...

6.5CVSS

6.6AI Score

0.001EPSS

2018-02-06 12:00 AM
23
suse

Security update for mysql-community-server (important)

This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols...

7.3AI Score

0.946EPSS

2018-01-26 12:07 AM
70
nessus

openSUSE Security Update : mysql-community-server (openSUSE-2018-90)

This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed : CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols...

7.1CVSS

7.5AI Score

0.946EPSS

2018-01-26 12:00 AM
11
openvas

7.1CVSS

7AI Score

0.946EPSS

2018-01-26 12:00 AM
25
nessus

FreeBSD : MySQL -- multiple vulnerabilities (e3445736-fd01-11e7-ac58-b499baebfeaf)

Oracle reports : Not all vulnerabilities are relevant for all flavors/versions of the servers and clients Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...

7.1CVSS

6.7AI Score

0.006EPSS

2018-01-22 12:00 AM
14
nvd

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

4.8AI Score

0.001EPSS

2018-01-18 02:29 AM
1
cve

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

4.8AI Score

0.001EPSS

2018-01-18 02:29 AM
55
osv

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

4.5AI Score

0.001EPSS

2018-01-18 02:29 AM
7
prion

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

5AI Score

0.001EPSS

2018-01-18 02:29 AM
6
cvelist

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

5AI Score

0.001EPSS

2018-01-18 02:00 AM
ubuntucve

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

5.3AI Score

0.001EPSS

2018-01-18 12:00 AM
11
redhatcve

CVE-2018-2591

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....

4.9CVSS

5AI Score

0.001EPSS

2018-01-17 02:20 PM
16
openvas

Oracle Mysql Security Updates (jan2018-3236628) 05 - Windows

Oracle MySQL is prone to a denial of service (DoS)...

4.9CVSS

5.2AI Score

0.001EPSS

2018-01-17 12:00 AM
10
nessus

MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....

7.1CVSS

7.5AI Score

0.946EPSS

2018-01-17 12:00 AM
49
openvas

Oracle Mysql Security Updates (jan2018-3236628) 05 - Linux

Oracle MySQL is prone to a denial of service (DoS)...

4.9CVSS

5.2AI Score

0.001EPSS

2018-01-17 12:00 AM
11
nessus

MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....

7.1CVSS

7.6AI Score

0.946EPSS

2018-01-17 12:00 AM
63
nessus

MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....

7.1CVSS

7.5AI Score

0.946EPSS

2018-01-17 12:00 AM
144
nessus

MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....

7.1CVSS

7.6AI Score

0.946EPSS

2018-01-17 12:00 AM
230
oracle

Oracle Critical Patch Update - January 2018

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories.....

9.8CVSS

7.7AI Score

0.976EPSS

2018-01-16 12:00 AM
81
nessus

openSUSE Security Update : 389-ds (openSUSE-2017-1396)

This update for 389-ds fixes the following issues : CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997) CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256) ...

9.8CVSS

7.9AI Score

0.023EPSS

2017-12-19 12:00 AM
46
redhat

(RHSA-2017:3442) Important: rh-mysql57-mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.20). (BZ#1505114) Security Fix(es): This update fixes several...

7.4AI Score

0.004EPSS

2017-12-12 12:52 PM
30
Total number of security vulnerabilities: 459