1963 matches found

Tenable Nessus
added 2023/04/19 12:0 a.m. | 17 views

Oracle Solaris Critical Patch Update : apr2023_SRU11_4_54_138_1

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: IPS repository daemon. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attack...

CVSS 1.8 | AI score 6 | EPSS 0.00186
Exploits 0 | References 4

Tenable Nessus
added 2023/04/19 12:0 a.m. | 29 views

Oracle Solaris Critical Patch Update : apr2023_SRU11_4_56_138_2

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with...

CVSS 7.7 | AI score 7.7 | EPSS 0.00228
Exploits 0 | References 4

Tenable Nessus
added 2023/04/19 12:0 a.m. | 18 views

Oracle Solaris Critical Patch Update : apr2023_SRU11_4_46_119_2

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: NSSwitch. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with...

CVSS 7 | AI score 7.4 | EPSS 0.00169
Exploits 0 | References 4

FreeBSD
added 2023/04/19 12:0 a.m. | 110 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS 9.8 | AI score 8.3 | EPSS 0.1593
Exploits 2 | References 1

The Hacker News
added 2023/04/15 3:58 a.m. | 2 views

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue...

CVSS 8.8 | AI score 8.7 | EPSS 0.40668
Exploits 7

IBM Security Bulletins
added 2023/04/11 5:14 p.m. | 61 views

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting...

CVSS 5.3 | AI score 6 | EPSS 0.03028
Exploits 0 | Affected Software 1

Amazon
added 2023/04/05 12:0 a.m. | 4 views

Important: kernel-livepatch-4.14.305-227.531

Issue Overview: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. CVE-2023-26545 Affected Packages: kernel-livepatch-4.14.305-227.531 Issue Correction:...

CVSS 4.7 | AI score 6.9 | EPSS 0.00331
Exploits 0

OSV
added 2023/03/27 7:2 p.m. | 2 views

CLSA-2023-1679943745 Fix CVE(s): CVE-2023-25690

SECURITY UPDATE: proxy configuration may trigger HTTP request smuggling attack - debian/patches/CVE-2023-25690.patch: don't forward invalid query strings - CVE-2023-25690...

CVSS 9.8 | AI score 6.8 | EPSS 0.8377
Exploits 5 | References 1

Positive Technologies
added 2023/03/14 12:0 a.m. | 4 views

PT-2023-1825 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is caused by improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, whe...

CVSS 7.8 | AI score 8 | EPSS 0.00332
Exploits 0 | References 5

Positive Technologies
added 2023/03/14 12:0 a.m. | 2 views

PT-2023-1772 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue exists due to insufficient input validation in the Procedure Call Runtime of Windows operating systems. This allows a remote attacker to execute arbitrary code. Recommendation...

CVSS 9.8 | AI score 9.8 | EPSS 0.01486
Exploits 0 | References 12

0day.today
added 2023/03/07 12:0 a.m. | 463 views

Oracle Database 19c Access Bypass Vulnerability

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...

AI score 6.8
Exploits 0

OSV
added 2023/03/06 9:5 p.m. | 2 views

CLSA-2023-1678136704 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: Improper input validation - debian/patches/CVE-2023-24329-v2.7.patch: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character - CVE-2023-24329...

CVSS 7.5 | AI score 7 | EPSS 0.20459
Exploits 3 | References 1

Tenable Nessus
added 2023/02/28 12:0 a.m. | 40 views

SUSE SLES12 Security Update : kernel (Live Patch 37 for SLE 12 SP5) (SUSE-SU-2023:0525-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0525-1 advisory. - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file...

CVSS 7.1 | AI score 6.1 | EPSS 0.0129
Exploits 0 | References 4

Positive Technologies
added 2023/02/20 12:0 a.m. | 4 views

PT-2023-15068 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 1.6.0p29 Checkmk versions 2.0.0 through 2.0.0p27 Checkmk versions 2.1.0 through 2.1.0p10 Description: The issue allows an attacker to inject and execute PHP code in the auth.php and hosttags.php files of the...

CVSS 9.1 | AI score 7.5 | EPSS 0.01126
Exploits 2 | References 8

Tenable Nessus
added 2023/02/10 12:0 a.m. | 37 views

Oracle Essbase (Jan 2023 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. The supported versi...

CVSS 10 | AI score 7.5 | EPSS 0.95764
Exploits 4 | References 7

Rapid7 Blog
added 2023/02/07 5:27 p.m. | 118 views

CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...

AI score 0.1 | EPSS 0.98342
Exploits 7

The Hacker News
added 2023/02/03 5:23 a.m. | 134 views

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting...

CVSS 9.8 | AI score 2.3 | EPSS 0.98342
Exploits 16

IBM Security Bulletins
added 2023/01/24 3:48 p.m. | 40 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle July 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An...

CVSS 5.9 | AI score 6.9 | EPSS 0.02902
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/01/24 3:45 p.m. | 45 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...

CVSS 5.3 | AI score 6.6 | EPSS 0.02651
Exploits 0 | Affected Software 1

Positive Technologies
added 2023/01/24 12:0 a.m. | 5 views

PT-2023-1959

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2 Description: A flaw was found in the Linux kernel's OverlayFS subsystem, allowing unauthorized access to the execution of the setuid file with capabilities. This uid mapping bug enables a local user to escalat...

CVSS 7.8 | AI score 8.6 | EPSS 0.0788
Exploits 13