Oracle Patch Tuesday, July 2023 Security Update Review
Oracle has released its third quarterly edition of Critical Patch Update, which contains a group of patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and third-party...
CVE-2023-3753 Creativeitem Mastery LMS browse cross site scripting
A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The...
Fedora 38 : firefox (2023-d5759f1edb)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5759f1edb advisory. - Updated to latest upstream 115.0.2 - Enabled LTO. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
CVE-2023-22061
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Visual Analyzer. The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-22056
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-22057
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-22037
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: MS Excel Specific. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
CVE-2023-22008
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2023-22007
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Design/Logic Flaw
Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase component: EAS Administration and EAS Console. The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure whe...
Design/Logic Flaw
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit...
Design/Logic Flaw
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: WebClient. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human...
Code injection
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2023-22055
CVE-2023-22055 affects Oracle JD Edwards EnterpriseOne Tools, Web Runtime SEC. Vulnerable in versions prior to 9.2.7.4; attacker with network access over HTTP can compromise JD Edwards EnterpriseOne Tools, with attacks requiring user interaction. Consequences include unauthorized updates/inserts/...
CVE-2023-22040
CVE-2023-22040 (Oracle WebLogic Server Core) affects Oracle WebLogic Server within Oracle Fusion Middleware. The publicly documented impact: on affected versions 12.2.1.4.0 and 14.1.1.0.0, a high-privileged attacker with network access via multiple protocols can compromise the server, potentially...
CVE-2023-22008
CVE-2023-22008 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.33 and earlier. An attacker with network access through multiple protocols and high privileges can cause a hang or frequent crash (DoS) of MySQL Server (CVSS 4.9, AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Connected sourc...
CVE-2023-22007
CVE-2023-22007 affects Oracle MySQL Server (Server: Replication). Affected versions are 5.7.41 and earlier, and 8.0.32 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crashes (DoS) of MySQL Server. The CVSS 3.1...
CVE-2023-21994
CVE-2023-21994 affects Oracle Fusion Middleware’s Oracle Mobile Security Suite (Android Mobile Authenticator App). Affected versions are prior to 11.1.2.3.1. The issue allows an unauthenticated attacker with access to the hardware’s physical communication segment to compromise the Mobile Security...
CVE-2023-21974
The CVE-2023-21974 entry maps to Oracle Application Express Team Calendar Plugin (versions 18.2–22.1). The vulnerability stems from insufficient input validation in the plugin’s User Account component, allowing a low-privileged attacker with network access via HTTP to compromise the plugin, with ...