1963 matches found

Positive Technologies
added 2022/10/27 12:0 a.m. · 6 views

PT-2022-24903 · Nextcloud +1 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10 and 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.10, 23.0.10, and 24.0.6 Description: The issue allows a logged-in attacker to slow down the system by generating a lot of database/cpu...

CVSS 8.1 · AI score 4.7 · EPSS 0.00846
Exploits 2 · References 19
Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-22590 · Usermin · Usermin

Name of the Vulnerable Software and Affected Versions: Usermin versions prior to 1.851 Description: The issue allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. Recommendations: For versions prior to 1.851, update to version 1.851 or...

CVSS 8.8 · AI score 8.9 · EPSS 0.02799
Exploits 1 · References 5
Tenable Nessus
added 2022/10/20 12:0 a.m. · 27 views

Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2022 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the Oct 2022 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Communications Convergence product of Oracle Communications Application...

CVSS 9.8 · AI score 7 · EPSS 0.30367
Exploits 4 · References 10
CISA
added 2022/10/19 12:0 a.m. · 9 views

Oracle Releases October 2022 Critical Patch Update

Oracle has released its Critical Patch Update for October 2022. This update addresses 366 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s...

AI score 2.4
Exploits 0 · References 1
IBM Security Bulletins
added 2022/10/18 8:40 a.m. · 41 views

Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Java SE CVEs (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary Oracle Java SE released list of CVEs and their corresponding patches in April Quarterly updates. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Products | Version ---|--- Jazz Foundation | CLM 6.0.6.1, CLM 6.0.6...

CVSS 5.3 · AI score 6.4 · EPSS 0.02651
Exploits 0 · Affected Software 1
Kaspersky
added 2022/10/18 12:0 a.m. · 35 views

KLA20010 Multiple vulnerabilities in Oracle VirtualBox

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service in Core can be exploited to cause denial of...

CVSS 8.8 · AI score 7.6 · EPSS 0.01635
Exploits 0 · References 3
Oracle
added 2022/10/18 12:0 a.m. · 227 views

Oracle Critical Patch Update Advisory - October 2022

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 · AI score 9.5 · EPSS 0.99999
Exploits 758 · Affected Software 129
Cvelist
added 2022/10/11 12:0 a.m. · 35 views

CVE-2022-41606

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0...

AI score 6.6 · EPSS 0.00716
Exploits 0 · References 2
Vulnrichment
added 2022/10/06 12:0 a.m. · 5 views

CVE-2022-39274 Buffer Overflow in `ProcessRadioRxDone` in LoRaMac-node

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to a 65280-byte out-of-bounds write. The function ProcessRadioRxDone...

CVSS 7.5 · AI score 9.9 · EPSS 0.0143
Exploits 1 · References 3
Tenable Nessus
added 2022/10/05 12:0 a.m. · 33 views

Oracle Linux 7 : squid (ELSA-2022-6815)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6815 advisory. - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL...

CVSS 9.9 · AI score 6.7 · EPSS 0.95785
Exploits 4 · References 2
Prion
added 2022/09/30 7:15 p.m. · 12 views

Design/Logic Flaw

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVSS 6.5 · AI score 8.9 · EPSS 0.00658
Exploits 0 · References 2 · Affected Software 2
IBM Security Bulletins
added 2022/09/29 1:3 p.m. · 31 views

Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

CVSS 5.3 · AI score 5.6 · EPSS 0.06468
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 11:9 p.m. · 38 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

Abstract Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 CVE-2013-5830 CVE-2013-5829...

CVSS 10 · AI score 8.1 · EPSS 0.17606
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 11:9 p.m. · 39 views

Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server October 2013 CPU

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Content The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released October 2013 critical patch updates...

CVSS 10 · AI score 8 · EPSS 0.17606
Exploits 0 · Affected Software 2
IBM Security Bulletins
added 2022/09/25 11:9 p.m. · 44 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time

Abstract Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 CVE-2013-5830 CVE-2013-582...

CVSS 10 · AI score 8.1 · EPSS 0.17606
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 18 views

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)

Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an April 2013 Critical Patch Update CPU that contains security vulnerability...

AI score 8.7
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 35 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time

Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 7 additional vulnerabilities Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-2468 CVE-2013-2469 CVE-2013-2465...

CVSS 10 · AI score 8.1 · EPSS 0.98704
Exploits 32 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 46 views

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)

Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released a June 2013 Critical Patch Update CPU that contains security vulnerability fix...

CVSS 10 · AI score 7.9 · EPSS 0.98704
Exploits 32 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 36 views

Security Bulletin: Multiple vulnerabilities in the IBM Java SDK

Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 8 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-4002 CVE-2013-2468 CVE-2013-2469...

CVSS 10 · AI score 8.3 · EPSS 0.98704
Exploits 32 · Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 36 views

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an October 2013 Critical Patch Update CPU that contains security vulnerability...

CVSS 10 · AI score 8 · EPSS 0.17606
Exploits 0 · Affected Software 1