PT-2022-3739 · Oracle · Mysql Cluster

Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 8.0.29 and prior Description: The issue is related to insufficient input validation in the MySQL Cluster product, which can be exploited by a remote attacker to cause a denial of service. This can result in the ability ...

Oracle Critical Patch Update Advisory - July 2022

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

A Windows 11 vulnerability, part of Microsoft’s Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency CISA to advise patching of the elevation of privileges flaw by August 2. The recommendation is directed at federal...

CLSA-2022-1657815972 Fix CVE(s): CVE-2022-34903

SECURITY UPDATE: signature forgery via injection into the status line - debian/patches/CVE-2022-34903.patch: Fix garbled status messages in NOTATIONDATA in g10/cpr.c. - CVE-2022-34903...

Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat is one of the most...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...

Security Bulletin: CVE-2020-35550 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary CVE-2021-35550 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

GHSA-Q559-8M2M-G699 Change in port should be considered a change in origin

Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we...

PT-2022-3303 · Microsoft · Sharepoint Server +3

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Microsoft Office Web Apps Server affected versions not specifi...

Johnson Controls Metasys ADS ADX OAS Servers

1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Low attack complexity/exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerabilities: Unverified Password Change, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary CVE-2020-14782 was disclosed as part of the Oracle October 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary CVE-2020-14782 was disclosed as part of the Oracle October 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and...

Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...

Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. As per the Magento Release 2.3.3, if you have already...

Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager (CVE-2021-35550).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle October 2021 Critical Patch Update. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVE-2022-24394

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...