Moderate: Red Hat Security Advisory: mysql55-mysql security update

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Oracle Identity Manager (April 2012 CPU)

The remote host is missing the April 2012 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability related to User Config Management. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Information on recently-fixed Oracle VM VirtualBox vulnerabilities

Hi there, Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update at...

kernel to 3.11.10 (important)

The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open if drive is not responding to block0 read bnc773058. - compatsysrecvmmsg X32 fix bnc860993 CVE-2014-0038. - HID: usbhid: fix sis quirk bnc859804. - hwmon: coretemp Fix truncated name of...

Oracle Identity Manager (October 2013 CPU

The remote host is missing the October 2013 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability in the End User Self Service component of the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc...

Oracle Identity Manager Identity Console (January 2014 CPU)

The remote host is missing the January 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, potentially affected by multiple, unspecified vulnerabilities in the Identity Console sub-component of Oracle Identity Manager. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

EC-CUBE vulnerable to authorization bypass

Overview EC-CUBE contains an authorization bypass vulnerability. EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. The developer reported this vulnerability to JPCERT/CC under Information Security...

Oracle E-Business (January 2014 CPU)

The version of Oracle E-Business installed on the remote host is missing the January 2014 Critical Patch Update CPU. It is, therefore, affected by vulnerabilities in the following components : - Oracle Payroll - Oracle Application Object Library - Oracle Applications Framework %NASLMINLEVEL 70300...

Oracle Patches 36 Java Flaws in January 2014 CPU

All has been relatively quiet of late on the Java security front, which is in stark contrast to a year ago when Java was the scourge of the Internet. Vulnerabilities in Java were being exploited at an alarming rate in a number of targeted attacks including watering hole attacks against prominent...

Oracle Releases January 2014 Security Advisory

Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 22 for Oracle Fusion Middleware 2 for Oracle Hyperion 4 for Oracle E-Business Suite 16 for Oracle...

Oracle Critical Patch Update - January 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

Oracle Critical Patch Update - January 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

EC-CUBE information disclosure vulnerability

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the develope...

FreeBSD-SA-13:14.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-13:14.openssh Security Advisory The FreeBSD Project Topic: OpenSSH AES-GCM memory corruption vulnerability Category: contrib Module: openssh Announced:...

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)

The Oracle Database Management Plug-In installed on the remote host is missing the October 2013 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - An unspecified flaw exists in the Schema Management subcomponent...

Oracle JavaServer Faces contains multiple vulnerabilities

Overview Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Description Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information.Alex Kouzemtchenko and Jon Passki o...

Critical: Red Hat Security Advisory: java-1.7.0-oracle security update

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

October 2013 Oracle Java Critical Patch Update

On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...

Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)

The remote Oracle database server is missing the October 2013 Critical Patch Update CPU. It is, therefore, affected by multiple security vulnerabilities in the following components : - Core RDBMS - Oracle Security service - XML Parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc...