1964 matches found
Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0169)
Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager. Content The products that are listed below can be affected by security vulnerabilities as reported by Oracle April 2013 Critical Patch updates: · IBM FileNet Busine...
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
Abstract The IBM WebSphere Partner Gateway is shipped with an IBM Java SDK that is based on the Oracle SDK. Oracle has released April 2013 critical patch updates CPU which contain security vulnerability fixes and the IBM Java SDK that WebSphere Partner Gateway ships is affected. Content...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an October 2013 Critical Patch Update CPU that contains security vulnerability...
PT-2022-5114 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 22.5.8 and earlier Adobe Photoshop versions 23.4.2 and earlier Description: The issue is related to an out-of-bounds write that could result in arbitrary code execution in the context of the current user. Exploitation...
PT-2022-5156 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 17.3 and earlier Adobe InCopy versions 16.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability in memory. This could allow an attacker to gain unauthorized access to protected...
PT-2022-5235 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 11.1.3 and earlier Adobe Bridge versions 12.0.2 and earlier Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this...
PT-2022-24357 · Lief · Lief
Name of the Vulnerable Software and Affected Versions: LIEF version 5d1d643 Description: A segmentation violation was discovered in LIEF via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp. Recommendations: For LIEF version 5d1d643, update to a version that...
PT-2022-24427 · Lief · Lief
Name of the Vulnerable Software and Affected Versions: LIEF version 365a16a Description: A heap-buffer overflow issue was discovered via the function print_binary at /c/macho_reader.c. This issue affects LIEF and can be exploited. Recommendations: For LIEF version 365a16a, update to a version tha...
Design/Logic Flaw
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
PT-2022-19583 · WordPress · Wp-Useronline
Name of the Vulnerable Software and Affected Versions: WP-UserOnline plugin for WordPress versions up to, and including 2.88.0 Description: The issue is due to the lack of proper sanitization and escaping of user input in the "Naming Conventions" section, allowing authenticated attackers with...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle January 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...
Elastic Stack 8.4.0, 7.17.6 Security Statement
Elastic Statement for Oracle July Critical Patch Update CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169 Summary: Oracle released their July Critical Patch Update for Java SE which contains 5 CVEs. Elastic has analyzed the flaws described by these CVEs and the...
PT-2022-14566 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SELinux policy, which could allow local information disclosure about the websites being opened in the browser. This can be exploited without...
Oracle Solaris Critical Patch Update : jul2022_SRU11_4_46_119_2
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated...
Oracle Solaris Critical Patch Update : jul2022_SRU11_4_42_113_1
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with log...
PT-2022-6617
Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central versions 2019 through Build 6016 Description The issue is related to incorrect handling of the dbCert parameter in the set certificates config request to the modTMMS endpoint. This can allow a remote attacker to execut...
java-11-openjdk security, bug fix, and enhancement update
1:11.0.16.0.8-1.0.1 - link atomic for ix86 build 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8284920 patch now upstreamed - Print release file during build, which should now...
Oracle Releases July 2022 Critical Patch Update
Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2022 Critica...
Oracle WebCenter Portal RCE (Jul 2022 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the July 2022 Critical Patch Update CPU. It is, therefore, affected by a remote code execution vulnerability: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware...