1965 matches found

Packet Storm
added 2018/02/17 12:0 a.m., 66 views

Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting

Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://www.oracle.com Affected Software: Oracle Primavera P6...

CVSS 4.9 | AI score 6.3 | EPSS 0.03916
Exploits: 4

RedHat Linux
added 2018/02/06 1:0 p.m., 76 views

Moderate: Red Hat Security Advisory: rh-mariadb100-mariadb security update

An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.7 | AI score 7 | EPSS 0.04945
Exploits: 11 | References: 36

seebug.org
added 2018/02/02 12:0 a.m., 130 views

Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection(CVE-2018-2660) / XSS(CVE-2018-2661)

Vendor description: ------------------- "Oracle is the unchallenged leader in Financial Services, with an integrated, best-in-class, end-to-end solution of intelligent software and powerful hardware designed to meet every financial service need." Source:...

CVSS 6.5 | AI score 7.8 | EPSS 0.01333
Exploits: 3

Tenable Nessus
added 2018/01/19 12:0 a.m., 32 views

Debian DSA-4091-1 : mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...

CVSS 7.5 | AI score 6.9 | EPSS 0.03979
Exploits: 0 | References: 10

RedHat Linux
added 2018/01/18 9:55 p.m., 126 views

Important: Red Hat Security Advisory: java-1.7.0-oracle security update

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...

CVSS 8.3 | AI score 6.3 | EPSS 0.07666
Exploits: 0 | References: 19

RedHat Linux
added 2018/01/18 9:55 p.m., 125 views

Critical: Red Hat Security Advisory: java-1.8.0-oracle security update

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which give...

CVSS 8.3 | AI score 6.5 | EPSS 0.0695
Exploits: 0 | References: 22

Debian
added 2018/01/18 8:18 p.m., 33 views

[SECURITY] [DSA 4091-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4091-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 18, 2018 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.7 | EPSS 0.03979
Exploits: 0

Tenable Nessus
added 2018/01/18 12:0 a.m., 54 views

Oracle Identity Manager Multiple Vulnerabilities (January 2018 CPU)

The remote host is missing the January 2018 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities as described in the January 2018 critical patch update advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 10 | AI score 7.1 | EPSS 0.83274
Exploits: 8 | References: 3

Tenable Nessus
added 2018/01/18 12:0 a.m., 33 views

Oracle Solaris Critical Patch Update : jan2018_SRU11_1_12_5_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 7.8 | AI score 6.9 | EPSS 0.02476
Exploits: 0 | References: 5

Tenable Nessus
added 2018/01/17 12:0 a.m., 1332 views

MySQL 5.5.x < 5.5.59 Multiple Vulnerabilities (January 2018 CPU)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.59. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...

CVSS 7.5 | AI score 7 | EPSS 0.03979
Exploits: 0 | References: 8

Tenable Nessus
added 2018/01/17 12:0 a.m., 55 views

Oracle E-Business Multiple Vulnerabilities (January 2018 CPU)

The version of Oracle E-Business installed on the remote host is missing the January 2018 Oracle Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs f...

CVSS 9.1 | AI score 6.4 | EPSS 0.17699
Exploits: 0 | References: 9

Tenable Nessus
added 2018/01/17 12:0 a.m., 295 views

Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)

The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.32 or 5.2.x prior to 5.2.6. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for addition...

CVSS 8.8 | AI score 7.2 | EPSS 0.74041
Exploits: 14 | References: 13

CISA
added 2018/01/16 12:0 a.m., 12 views

Oracle Releases January 2018 Security Bulletin

Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Oracle...

AI score 6.9
Exploits: 0 | References: 1

Saint
added 2018/01/09 12:0 a.m., 522 views

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...

AI score 7.3
Exploits: 0

Saint
added 2018/01/09 12:0 a.m., 557 views

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...

AI score 7.6
Exploits: 0

Saint
added 2018/01/09 12:0 a.m., 24 views

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...

AI score 7.6
Exploits: 0

Hacker One
added 2017/12/25 9:57 p.m., 96 views

U.S. Dept Of Defense: WebLogic Server Side Request Forgery

Universal Description Discovery and Integration UDDI application is publicly available on this WebLogic server. The SearchPublicRegistries.jsp page can be abused by unauthenticated attackers to cause the WebLogic web server to connect to an arbitrary TCP port of an arbitrary host. Responses...

CVSS 5 | AI score 8.9 | EPSS 0.38152
Exploits: 8

RedHat Linux
added 2017/12/12 1:32 p.m., 55 views

Important: Red Hat Security Advisory: rh-mysql57-mysql security update

An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.7 | EPSS 0.04291
Exploits: 0 | References: 23

ThreatPost
added 2017/10/31 12:48 p.m., 19 views

Emergency Oracle Patch Closes Bug Rated 10 in Severity

Oracle pushed out an emergency update for a bug in Oracle Identity Manager that is as bad as it gets. Scoring a 10 on the CVSS scale, the vulnerability, CVE-2017-10151, enables an attacker to remotely take over the software without the need for authentication. “While the vulnerability is in Oracl...

CVSS 7.5 | AI score 1.8 | EPSS 0.03947
Exploits: 0 | References: 4

Tenable Nessus
added 2017/10/20 12:0 a.m., 48 views

Oracle E-Business Multiple Vulnerabilities (October 2017 CPU)

The version of Oracle E-Business installed on the remote host is 12.x.x prior to 12.2.8. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note tha...

CVSS 9.1 | AI score 6.5 | EPSS 0.0255
Exploits: 0 | References: 27