721 matches found
CVE-2020-2876
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2020-2699
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...
CVE-2024-21067
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Host Management. The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterpris...
CVE-2025-21529
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
CVE-2025-21556
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Agile Integration Services. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
CVE-2024-43705
CVE-2024-43705 affects Imagination Technologies PowerVR-GPU (Imagination GPU Driver). The issue stems from a vulnerability in the GPU kernel driver where PVRSRVBridgePhysmemWrapExtMem can write to arbitrary read-only system files mapped into application memory, allowing a non-privileged user to p...
Debian dla-3997 : php-illuminate-auth - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3997 advisory. Debian LTS Advisory DLA-3997-1 [email protected] https://www.debian.org/lts/security/...
CVE-2024-54003
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...
[slackware-security] expat
New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.6.4-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fix crash within function XML_ResumeParser from ...
Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)
Summary IBM Security QRadar EDR Software includes a vulnerable component (e.g., framework library) that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID: CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker...
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...
Autodesk AutoCAD Memory Corruption Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A memory corruption vulnerability exists in Autodesk AutoCAD version 2024.1.4, which originates from a write access conflict when parsing maliciously crafted CATPART, XB, and STEP files in...
python3.11 security update
3.11.7-1.1 - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33884...
CVE-2024-24789 Mishandling of corrupt central directory record in archive/zip
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
RHEL 7 : libtasn1 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtasn1: Stack-based buffer overflow in asn1_find_node (CVE-2017-6891) - libtasn1: Infinite loop in...
CVE-2024-21001
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
GHSA-3J27-563V-28WF *const c_void / ExternalPointer unsoundness leading to use-after-free
Summary Use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details *const c_void and ExternalPointer (defined via external! macros) types are used to represent v8::External wrapping arbitrary void...
*const c_void / ExternalPointer unsoundness leading to use-after-free
Summary Use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details *const c_void and ExternalPointer (defined via external! macros) types are used to represent v8::External wrapping arbitrary void...
BIT-MYSQL-CLIENT-2020-14789
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024)
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server...