1963 matches found
Endeca Latitude 2.2.2 Cross Site Request Forgery
Advisory: Endeca Latitude Cross-Site Request Forgery. RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF) vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely...
RHEL 5 : mysql55-mysql (RHSA-2014:0536)
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
CentOS 5 : mysql55-mysql (CESA-2014:0536)
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Moderate: Red Hat Security Advisory: mysql55-mysql security update
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Oracle Containers for J2EE Multiple Unspecified HTTP Vulnerabilities (April 2014 CPU)
The remote install of Oracle Containers for J2EE is missing a vendor-supplied update. It is, therefore, affected by multiple, unspecified vulnerabilities related to how HTTP requests are handled.
Moderate: Red Hat Security Advisory: mariadb55-mariadb security update
Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)
The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014...
[SECURITY] [DSA 2919-1] mysql-5.5 security update
Debian Security Advisory DSA-2919-1 http://www.debian.org/security/ Salvatore Bonaccorso May 03, 2014 http://www.debian.org/security/faq ...
Debian Security Advisory DSA 2919-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
104 vulnerabilities in quarterly Critical Patch Update...
Oracle Identity Analytics / Sun Role Manager Unspecified Remote Vulnerability (April 2014 CPU)
The remote Oracle Identity Analytics (formerly known as Sun Role Manager) install is affected by an unspecified vulnerability that can be exploited by remote, authenticated attackers.
April 2014 Oracle Critical Patch Update
Software maker and database management company Oracle yesterday released its quarterly Critical Patch Update. The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible. Product...
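Advantech WebAccess odeName2 Parameter Handling Stack Buffer Overflow Vulnerability
CVE ID: CVE-2014-0766. Advantech WebAccess HMI/SCADA is an HMI/SCADA software product. Advantech WebAccess does not properly filter user input when handling the odeName2 parameter, allowing a remote attacker to submit specially crafted parameters that trigger a stack-based buffer overflow, which can crash the application or execute arbitrary code. Advantech WebAccess 7.1. Advantech WebAccess version 7.2 fixes this vulnerability; users are advised to download the update: http://webaccess.advantech.com/...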
Oracle Critical Patch Update - April 2014
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...
Oracle Business Intelligence Publisher (October 2012 CPU)
According to the self-reported version of the remote Oracle Business Intelligence Publisher install, it is missing the October 2012 Critical Patch Update. It is, therefore, affected by multiple reflected cross-site scripting vulnerabilities and an XML eXternal Entity (XXE) injection vulnerability...
VMSA-2014-0002 : VMware vSphere updates to third-party libraries
a. DDoS vulnerability in NTP third-party libraries The NTP daemon has a DDoS vulnerability in the handling of the 'monlist' command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. Mitigation Mitigation...
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
IBM SECURITY ADVISORY First Issued: Thu Mar 6 13:24:59 CST 2014 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajan2014advisory.asc...
Four Oracle Demantra Security Vulnerabilities Found
Oracle’s Demantra, part of the company’s Value Chain Planning suite of software, is fraught with vulnerabilities according to several bug disclosures issued over the weekend. Researchers at the London-based computer security firm Portcullis claim the application is plagued by a four vulnerabiliti...
RHEL 5 : mysql55-mysql (RHSA-2014:0186)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0186 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and...