752 matches found
CVE-2021-2102
The CVE-2021-2102 issue is in Oracle Complex Maintenance, Repair, and Overhaul (Dialog Box) for versions 11.5.10, 12.1, 12.2. It stems from insufficient access control, enabling an unauthenticated, network-accessible attacker (via HTTP) to access or modify data after user interaction. The Red Hat...
CVE-2021-2103
CVE-2021-2103 affects Oracle’s Complex Maintenance, Repair, and Overhaul (dialog box) in Oracle Supply Chain. Affected versions: 11.5.10, 12.1, 12.2. The issue allows an unauthenticated attacker with network access via HTTP to compromise the system; exploitation requires human interaction. Impact...
PT-2021-1742 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 11.5.10, 12.1, 12.2 Description: The issue is related to insufficient access control in the Dialog Box component of the Oracle Complex Maintenance, Repair, and Overhaul product. This...
Oracle Supply Chain Security Vulnerability
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle. The product provides value chain planning, value chain execution, product lifecycle management and other functions. A security vulnerability exists in Oracle Supply Chain's Oracle Complex Maintenance, Repair...
PT-2021-1743 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 11.5.10, 12.1, 12.2 Description: The issue is related to insufficient access control in the Dialog Box component of Oracle Complex Maintenance, Repair, and Overhaul. It allows an...
Oracle Dialog Box Security Vulnerability
Oracle Dialog Box is a set of Windows API functions from the United States company Oracle that can generate a dialog box. This file exists in many Oracle products and provides dialog box support for the products. A security vulnerability exists in Oracle Dialog Box that could allow an unauthenticated attacke...
PT-2021-1774 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 11.5.10, 12.1, and 12.2 Description: The issue is related to insufficient access control in the Dialog Box component of the Oracle Complex Maintenance, Repair, and Overhaul product. It...
Simplify compliance and manage risk with Microsoft Compliance Manager
The cost of non-compliance is more than twice that of compliance costs. Non-compliance with the ever-increasing and changing regulatory requirements can have a significant impact on your organization's brand, reputation, and revenue. According to a study by the Ponemon Institute and Globalscape,...
SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1)
This update for postgresql12 fixes the following issues : Upgrade to version 12.5 : CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc1178667: a Fix usage of complex...
openSUSE Security Update : postgresql12 (openSUSE-2020-2029)
This update for postgresql12 fixes the following issues : - Upgrade to version 12.5 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694, bsc1178667: a Fix usage of complex...
CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
Akamai Edge Cloud: Scaling IoT, Part 1
The Internet of Things (IoT) ecosystem is an exciting emerging market that is disrupting the way we design infrastructure to support businesses. Smart devices, homes, cities, cars, and automation supporting the Industry 4.0 industrial revolution are all placing new demands on existing internet...
Elasticsearch Information Disclosure Vulnerability (CNVD-2020-60336)
Elasticsearch is an open source, distributed, RESTful search engine built on Lucene, from the Netherlands company Elasticsearch. The product is mainly used in cloud computing, and supports data indexing via HTTP using JSON. Security is one of the data protection components. An information...
UBUNTU-CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
Design/Logic Flaw
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
PT-2020-19345 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 6.8.13; Elasticsearch versions prior to 7.9.2. Description: The issue is related to a document disclosure flaw when Document or Field Level Security is used in Elasticsearch. Search queries do not properly preser...
CVE-2020-16158
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMFExpandComplexTYPE. Parsing malicious input can result in a crash or potentially arbitrary code execution...
Large, Complex DDoS Attacks on the Rise in 2020
While we've highlighted both record PPS and BPS attacks mitigated on the Akamai Prolexic Platform over the past few weeks, these attacks are part of a broader trend of increasingly large and complex DDoS activity. We have seen clear indications across the industry of high-water mark DDoS attacks...
Simplicity is the Key to Enterprise Cybersecurity
Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In today’s digital environment, companies are...