VMware Releases Patches for XSS, Cert. Validation Issue

VMware released a handful of patches late last week to fix several vulnerabilities, including a nasty cross-site scripting issue in one of its server virtualization platforms. The vulnerabilities lie in VMware’s vCenter Server Appliance vCSA – a module for VMware’s vCenter Server. The main bug, a...

CentOS 7 : mariadb (CESA-2014:1861)

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

Scientific Linux Security Update : mariadb on SL7.x x86_64 (20141117)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,...

RHEL 7 : mariadb (RHSA-2014:1861)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1861 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities ...

Important: Red Hat Security Advisory: mariadb security update

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

Nibbleblog 4.0.1 Cross Site Scripting

============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY...

SuSE 11.3 Security Update : Java OpenJDK (SAT Patch Number 9906)

Oracle Critical Patch Update Advisory - October 2014 Description : A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml %NASLMINLEVEL 70300 C Tenable...

[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU

Hello All, We've been recently informed by a 3rd party that Oracle planned to release fixes for the vulnerabilities covered by our SE-2014-01 1 project in Nov 2014. We initially thought that someone mistakenly took Oct for Nov Oracle CPU was released on Oct 14, 2014, but the credibility of the...

Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)

The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution. %NASLMINLEVEL 70300 C Tenable Network...

Oracle Access Manager (October 2014 CPU)

The version of Oracle Access Manager installed on the remote host is affected by multiple unspecified vulnerabilities in the Admin Console. CVE-2014-6462, CVE-2014-6552, CVE-2014-6553, CVE-2014-6554 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

SUSE-SU-2015:0833-1 Security update for Java OpenJDK

Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html...

SUSE-SU-2015:0336-1 Security update for Java OpenJDK

Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html...

Debian DSA-3054-1 : mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...

Oracle Java SE remote security vulnerability(CVE-2 0 1 4-6 4 5 6)-vulnerability warning-the black bar safety net

Affected system: OracleJava SE 8u20 Oracle Java SE 7u67 Description: BUGTRAQ ID: 7 0 5 2 2 CVECAN ID: CVE-2 0 1 4-6 4 5 6 Java SE is based on the JDK and the JRE of the Java Platform, Standard Edition, for developing and deploying desktop, server and embedded devices and real-time environment of ...

Oracle Identity Manager (October 2014 CPU

The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities : - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...

Oracle E-Business Multiple Vulnerabilities (October 2014 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2014 Oracle Critical Patch Update CPU. It is, therefore, affected by vulnerabilities in the following components : - Oracle Application Technology Stack - Oracle Applications Framework - Oracle Applications Objec...

Critical: Red Hat Security Advisory: java-1.7.0-oracle security update

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

October 2014 Oracle Java Security Patches

Problems with the maligned Java Reflection API, the molten core of far too many exploited Java vulnerabilities in 2013, have surfaced again. Researchers with Security Explorations yesterday published details of a number of critical vulnerabilities in Java; the disclosures were made on the same da...

Oracle Solaris Critical Patch Update : oct2014_SRU11_1_20_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: iSCSI Data MoverIDM. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows...

Oracle Solaris Critical Patch Update : jan2013_SRU11_1_2_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System...