CVE-2018-21053

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 October 2018...

Lenovo K5 Pro phone has information leakage vulnerability

The Lenovo K5pro phone is an extremely low-priced mass model released in mid-October 2018 by Lenovo. The Lenovo K5 Pro phone has an information disclosure vulnerability that can be exploited by attackers to gain access to sensitive information...

Cumulative Update 18 for Microsoft Dynamics 365 Business Central October'18 on-premises (Application Build 41909, Platform Build 41879)

Cumulative Update 18 for Microsoft Dynamics 365 Business Central October'18 on-premises Application Build 41909, Platform Build 41879 This article applies to Microsoft Dynamics 365 Business Central on-premises deployments for all countries and all language locales. An information disclosure...

CVE-2018-21053

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 October 2018...

CVE-2018-21052

An issue was discovered on Samsung mobile devices with N7.x and O8.X Exynos chipsets software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 October 2018...

CVE-2018-21053

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 October 2018...

CVE-2018-21051

An issue was discovered on Samsung mobile devices with N7.x and O8.x Exynos chipsets software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 October 2018...

Oracle GoldenGate Multiple Vulnerabilities (October 2018 CPU)

The version of Oracle GoldenGate installed on the remote host is affected by the following vulnerabilities as noted in the October 2018 CPU advisory : - A denial of service DoS vulnerability exists in the manager component of GoldenGate. An unauthenticated, remote attacker can exploit this by...

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

Command injection

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

Oracle Java SE 6 < Update 211 / 7 < Update 201 / 8 < Update 191 / 11 < Update 1 Multiple Vulnerabilities (October 2018 CPU)

Binary data 700659.prm...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - October 2018

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by Rational Developer for i and Version 7 that is used by Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in October 2018 CVE-2018-3180...

MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)

Binary data 700617.prm...

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the October 2018 CPU advisory: - A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: Web Listener curl. The affected version is 12.2.1.3. This...

October 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4462500)

October 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4462500 Applies to: Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET...

Security Bulletin: Vulnerabilities in IBM Java SDK (October 2018) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 (CVE-2018-3139, CVE-2018-3180)

Summary Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 respectively. These issues were disclosed as part of the IBM Java SDK updates in October 201...

February 2019 Oracle Outside In Library Security Update

Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The February 12, 2019 releases of Microsoft Exchange Server contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory - October 2018 The following software releases include...

Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency

The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash ZEC. Yes, infinite… like a never-ending source of money. Launched i...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, used by the IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in July and October 2018, and the following vulnerabilities have been addressed...

Fedora 29 : 1:mysql-connector-java (2018-6b350bb946)

Fixes CVE-2018-3258 Connector/J unspecified vulnerability CPU October 2018 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...