1963 matches found
Important: kernel-livepatch-4.14.299-223.520
Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications component: Routing glibc. Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to issue due to IBM® SDK, Java™ Technology Edition (CVE-2021-2163)
Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2022-21541, CVE-2022-21540).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.2, which was disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified...
PT-2023-14495 · WordPress · 3D Flipbook Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: 3D FlipBook WordPress plugin versions 1.13.2 and earlier Description: The issue concerns the 3D FlipBook WordPress plugin, which does not validate or escape some of its shortcode attributes before outputting them back in the page. This could...
PT-2023-14143 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec through San Diego Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget in the Employee Service Center and Service Portal...
Oracle Enterprise Manager Ops Center UI or Other Patch (Oct 2019 CPU)
The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by a vulnerability as described in the October 2019 Critical Patch Update (CPU). Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking jQuery. Support...
Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server used by IBM Master Data Management
Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update. An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack...
Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server and used by IBM Master Data Management
Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...
PT-2023-1032 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 18.0 and earlier Adobe InCopy versions 17.4 and earlier Description: The issue is related to improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation of...
PT-2023-1022 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to the implementation of the Layer 2 Tunneling Protocol (L2TP) in Microsoft Windows, specifically involving the use of memory after it has been freed. This can be...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21541, CVE-2022-21540)
Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz Reporting Service, I...
PT-2022-6000 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue exists due to inadequate protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to perform cross-site scripting attacks using a...
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 a...
PT-2022-25362 · WordPress · Appointment Hour Booking
Name of the Vulnerable Software and Affected Versions: Appointment Hour Booking plugin for WordPress versions up to, and including, 1.3.72 Description: The issue is related to a CAPTCHA bypass due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret. This secret is also...
PT-2022-6787 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 108.0.5359.71 Description: The issue is related to an uninitialized use in FFmpeg within Google Chrome, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This is due...
PT-2022-22381 · Datadog +1 · Datadog +2
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.1 through 15.3.5 GitLab CE/EE versions 15.4 through 15.4.4 GitLab CE/EE versions 15.5 through 15.5.2 Description: An issue has been discovered in GitLab CE/EE. A malicious maintainer could exfiltrate a Datadog...
CVE-2022-39323 SQL Injection on REST API in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST usertoken. This issue has been patched, please...
PT-2022-27229 · Typo3 · Femanager
Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 5.5.2 femanager extension versions 6.x prior to 6.3.3 femanager extension versions 7.x prior to 7.0.1 Description: The issue allows creation of frontend users in restricted groups if there is a usergroup...