USN-3459-1 mysql-5.5, mysql-5.7 vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the...
CVE-2017-10373
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Health Center. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Laravel Security Bypass Vulnerability
Laravel is a PHP development framework for developing web applications and provides syntax highlighting, documentation and extension packages. A security vulnerability exists in Laravel versions prior to 5.5.10 that stems from the program failing to properly handle the rememberme token validation...
X-Pack Security 5.5.2 security update
X-Pack Security TLS certificate verification error (ESA-2017-15): An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails, the trust manager will be replaced with an instance that trusts all certificates. This could allow any node...
CVE-2017-10251
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Test Framework. Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft...
PT-2017-12164 · Gnu +4 · Gcc +4
Name of the Vulnerable Software and Affected Versions: GNU Compiler Collection (GCC) versions 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4. Description: The issue arises in the ix86_expand_builtin function in i386.c, where under certain circumstances, it generates instruction sequences that...
strongSwan ASN.1 Parser Denial of Service Vulnerability
strongSwan is an open source IPsec-based VPN solution for Linux platforms maintained by Andreas Steffen, a Swiss software developer. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, smart cards, etc. The ASN.1 parser is a tool...
IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-07382)
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS version 8.0, 8.5...
CVE-2016-8916
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472...
Oracle PeopleSoft Enterprise PeopleTools Unauthorized Read Vulnerability
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation, and PeopleSoft Enterprise PeopleTools is one of the tools and technology components that transforms the way organizations manage, use, and maintain their PeopleSoft software. PeopleSoft...
CVE-2017-3552
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: OPERA Room Image/Picture Setup. Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability allows...
PT-2017-15982
Name of the Vulnerable Software and Affected Versions: Oracle PeopleSoft Products version 8.54; Oracle PeopleSoft Products version 8.55. Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools, resulting in unauthorized re...
CVE-2016-8216
EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could...
VMware ESXi HTML Injection Vulnerability
VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program uses less disk space and offers higher reliability and security. An HTML injection vulnerability exists in VMware...
VMware vSphere Client XML External Entity Information Disclosure Vulnerability
VMware vSphere is a virtualization platform for building cloud computing infrastructures from VMware that simplifies IT operations by separating applications and operating systems from the underlying hardware. VMware vSphere Client is a client software for VMware vSphere. An XML external entity...
PT-2016-7899 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.56 and earlier; MySQL Server versions 5.6.36 and earlier; MySQL Server versions 5.7.18 and earlier. Description: The issue allows a low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2016-2997
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-300...
PHP SPL Extended Integer Overflow Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. SPL (Standard PHP Library) is a collection of interfaces and class extensions for solving typical problems. SPL (Standard PHP Library) is an extensio...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2016-05308)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation, and PeopleSoft Enterprise PeopleTools is one of the tools and technology components that transforms the way organizations manage, use, and maintain their PeopleSoft software. PeopleSoft...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05391)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier, which can be exploited by an authenticated, local attacker to affect availability...