Oracle Essbase Multiple Vulnerabilities (October 2025 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2025 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Security and Provisioning Bouncy Castle Java Library. The supported version that is...

CVE-2025-62480

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Naming Subsystem. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

django: Potential partial directory-traversal via archive.extract()

A flaw was found in Django. The django.utils.archive.extract function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...

CVE-2025-62480

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Naming Subsystem. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

CVE-2025-62479

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Block Storage. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

EUVD-2025-35228

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Naming Subsystem. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

EUVD-2025-35226

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Block Storage. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

EUVD-2025-35248

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

CVE-2025-9133

Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other functions. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...

Oracle ZFS Storage Appliance Kit 安全漏洞

Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabyte file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attack by...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...

Oracle Linux 7 : kernel (ELSA-2025-17161)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-17161 advisory. - ALSA: usb-audio: Fix an out-of-bounds bug in sndusbparseaudiointerface CVE-2022-48701 Orabug: 38493400 - md-raid10: fix KASAN warning CVE-2022-50211...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987512 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program doe...

CLSA-2025-1760712981 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence leads to Remote Code Execution and/or Information disclosure - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813...

CVE-2023-53556

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in freenetdev We do netifnapiadd for all allocated qvectors, but potentially do netifnapidel for part of them, then kfree qvectors and leave invalid pointers at dev-napilist. Reproducer: root@host cat...