OpenJDK: certificate path validation issue during client authentication (8309966)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

OESA-2023-1813 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7...

Fedora 39 : mediawiki (2023-7e9d6015f6)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e9d6015f6 advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/ Tenable has extracted t...

CVE-2023-42670 Samba: ad dc busy rpc multiple listener dos

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes for example,...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2023:4289-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4289-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK...

SUSE CVE-2021-2010

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

SUSE CVE-2021-2232

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...

Oracle Linux 8 : java-11-openjdk (ELSA-2023-5742)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5742 advisory. - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 Tenable has extracted the preceding description block directly...

Information disclosure

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data...

CVE-2023-43510 Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system...

CVE-2023-43510 Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system...

PT-2023-6425 · Vmware · Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: vCenter Server versions affected versions not specified Description: The issue is related to a partial information disclosure vulnerability in vCenter Server. It may allow a malicious actor with non-administrative privileges to access...

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

The vulnerability of the Database Sharding component of the Oracle Database Server system allows a hacker to perform a partial denial-of-service attack.

The vulnerability of the Database Sharding component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to perform a partial denial-of-service attack remotely...

The vulnerability of the Database Sharding component of the Oracle Database Server management system allows a hacker to perform a partial service outage.

The vulnerability of the Database Sharding component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a partial service failure...

Medium: java-17-amazon-corretto

Issue Overview: Memory corruption bug on JDK 21 and 20 when AVX-512 is enabled. CVE-2023-22025 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2...

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2023-5761)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5761 advisory. 1:1.8.0.392.b08-2 - Revert jcmd move as jcmd will not operate without tools.jar - Related: RHEL-13577 1:1.8.0.392.b08-1 - Update to...