950 matches found

Positive Technologies
added 2020/01/14 12:0 a.m. · 5 views

PT-2020-1544 · Oracle · Oracle Coherence

Name of the Vulnerable Software and Affected Versions: Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0
Description: The issue is related to insufficient access control in the Caching, CacheStore, Invocation component of Oracle Coherence, allowing an unauthenticated...

9.8 CVSS · 9 AI score · 0.93141 EPSS
Exploits 26 · References 28
Symantec
added 2020/01/14 12:0 a.m. · 123 views

Oracle Coherence CVE-2020-2555 Multiple Remote Security Vulnerabilities

Description: Oracle Coherence is prone to multiple remote security vulnerabilities. The vulnerability can be exploited over the 'T3' protocol. The 'Caching', 'CacheStore' and 'Invocation' components are affected. This vulnerability affects the following supported versions: 12.1.3.0.0, 12.2.1.3.0 a...

1.3 AI score · 0.93141 EPSS
Exploits 26 · References 1 · Affected Software 1
OSV
added 2019/12/12 7:15 p.m. · 2 views

CVE-2019-18318

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from...

7.5 CVSS · 7 AI score · 0.00485 EPSS
Exploits 0 · References 1
OSV
added 2019/12/12 7:15 p.m. · 3 views

CVE-2019-18317

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from...

7.5 CVSS · 7 AI score · 0.00485 EPSS
Exploits 0 · References 1
OSV
added 2019/12/12 7:15 p.m. · 2 views

CVE-2019-18319

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from...

7.5 CVSS · 7 AI score
Exploits 0 · References 1
OSV
added 2019/12/12 7:15 p.m. · 2 views

CVE-2019-18314

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network...

9.8 CVSS · 6.3 AI score · 0.02249 EPSS
Exploits 0 · References 1
OSV
added 2019/12/12 7:15 p.m. · 1 views

CVE-2019-18288

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to th...

8.8 CVSS · 7.7 AI score
Exploits 0 · References 2
CNVD
added 2019/12/11 12:0 a.m. · 1 views

Siemens SPPA-T3000 Application Server Improper Authentication Vulnerability (CNVD-2019-45374)

SPPA-T3000 is a distributed control system mainly used in thermal power plants and large-scale renewable energy power plants. Application Server is the application server in it, which provides the main system services including access control, distribution of data to thin clients and archiving. A...

9.8 CVSS · 8.1 AI score · 0.02249 EPSS
Exploits 0 · References 1
CNVD
added 2019/12/11 12:0 a.m. · 1 views

Siemens SPPA-T3000 Application Server Sensitive Information Plaintext Transfer Vulnerability

SPPA-T3000 is a distributed control system mainly used in thermal power plants and large-scale renewable energy power plants. Application Server is the application server in it, which provides the main system services including access control, distribution of data to thin clients and archiving. A...

5.9 CVSS · 6.7 AI score · 0.00176 EPSS
Exploits 0 · References 1
CNVD
added 2019/12/11 12:0 a.m. · 1 views

Siemens SPPA-T3000 improper authentication vulnerability (CNVD-2019-44769)

The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. A security vulnerability exists in the Siemens SPPA-T3000. An attacker with network access to the application server could cause a denial of service condition by sending...

7.5 CVSS · 6.7 AI score · 0.00485 EPSS
Exploits 0 · References 1
CNVD
added 2019/11/27 12:0 a.m. · 1 views

Ruby has an unspecified vulnerability

Ruby is a simple and fast object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker can exploit this vulnerability to invoke arbitrary Ruby methods...

8.1 CVSS · 6.1 AI score · 0.01157 EPSS
Exploits 1 · References 1
NVD
added 2019/11/21 3:15 p.m. · 15 views

CVE-2019-2315

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

7.8 CVSS · 7.8 AI score · 0.00094 EPSS
Exploits 0 · References 1
Cvelist
added 2019/11/21 2:38 p.m. · 16 views

CVE-2019-2315

While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

7.8 AI score · 0.00094 EPSS
Exploits 0 · References 1
OSV
added 2019/10/28 8:51 p.m. · 0 views

GHSA-MX7P-6679-8G3Q Polymorphic Typing in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8 CVSS · 7 AI score · 0.00426 EPSS
Exploits 0 · References 35
RedHat Linux
added 2019/10/24 9:19 p.m. · 2 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3 CVSS · 7.2 AI score · 0.00078 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/10/24 9:19 p.m. · 2 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3 CVSS · 7.2 AI score · 0.00078 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/10/24 8:41 p.m. · 2 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3 CVSS · 7.2 AI score · 0.00078 EPSS
Exploits 0 · References 4
Github Security Blog
added 2019/10/11 6:41 p.m. · 29 views

Cross-site scripting in Apache JSPWiki

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victi...

6.1 CVSS · 4.1 AI score · 0.04374 EPSS
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2019/10/07 12:0 a.m. · 40 views

openSUSE Security Update : php7 (openSUSE-2019-2272)

This update for php7 fixes the following issues:
Security issues fixed:
- CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail (bsc#1146360).
- CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment (bsc#1145095).
Non-security issue fixed:
- Drop -n from php invocation fro...

7.1 CVSS · 6.6 AI score · 0.03811 EPSS
Exploits 2 · References 5
NVD
added 2019/10/02 7:15 p.m. · 11 views

CVE-2019-14958

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation...

7.5 CVSS · 8.2 AI score · 0.00006 EPSS
Exploits 0 · References 1