Lucene search
1963 matches found

Cvelist
added 2022/05/07 3:40 a.m. | 33 views

CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

CVSS: 5.9 | AI score: 9.6 | EPSS: 0.00729
Exploits: 0 | References: 2

ATTACKERKB
added 2022/05/03 8:15 p.m. | 2 views

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...

CVSS: 4 | AI score: 5.9 | EPSS: 0.00199
Exploits: 0 | References: 2

OSV
added 2022/05/03 8:15 p.m. | 2 views

CVE-2022-28783

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00097
Exploits: 0 | References: 1

Tenable Nessus
added 2022/04/25 12:00 a.m. | 70 views

Oracle Tuxedo RCE (Apr 2022 CPU)

The version of Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability in the bundled Apache Log4J component. Successful exploitation of this vulnerability allows an unauthenticated attacker with network access via HTTP...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.67466
Exploits: 1 | References: 3

Malwarebytes
added 2022/04/20 2:53 p.m. | 144 views

Oracle releases massive Critical Patch Update containing 520 security patches

Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.98253
Exploits: 73

IBM Security Bulletins
added 2022/04/20 5:11 a.m. | 27 views

Security Bulletin: IBM Emptoris Supplier Lifecycle Management vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Supplier Lifecycle Management supports Oracle database server as an application backend database. Oracle database server is vulnerable to an unspecified vulnerability that has been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecified vulnerabilit...

CVSS: 4 | AI score: 3.8 | EPSS: 0.01381
Exploits: 5 | Affected Software: 1

Tenable Nessus
added 2022/04/20 12:00 a.m. | 74 views

Oracle Solaris Critical Patch Update : apr2022_SRU11_4_42_113_1

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to t...

CVSS: 8.2 | AI score: 6.6 | EPSS: 0.01454
Exploits: 0 | References: 5

IBM Security Bulletins
added 2022/04/19 5:55 a.m. | 24 views

Security Bulletin: IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Contract Management supports usage of Oracle Database Server as a backend application database. Oracle Database Server is vulnerable to unspecified vulnerabilities that have been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecified vulnerability i...

CVSS: 4 | AI score: 3.8 | EPSS: 0.01381
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2022/04/19 5:54 a.m. | 33 views

Security Bulletin: IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Strategic Supply Management Platform supports usage of Oracle Database Server as a backend application database. Oracle Database Server is vulnerable to unspecified vulnerabilities that have been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecifie...

CVSS: 4 | AI score: 3.8 | EPSS: 0.01381
Exploits: 5 | Affected Software: 1

CISA
added 2022/04/19 12:00 a.m. | 10 views

Oracle Releases April 2022 Critical Patch Update

Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle April 2022...

AI score: 2.5
Exploits: 0 | References: 1

Oracle
added 2022/04/19 12:00 a.m. | 763 views

Oracle Critical Patch Update Advisory - April 2022

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS: 10 | AI score: 9 | EPSS: 0.99999
Exploits: 762 | Affected Software: 171

FreeBSD
added 2022/04/16 12:00 a.m. | 75 views

MySQL -- Multiple vulnerabilities

Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.78854
Exploits: 2 | References: 1

Tenable Nessus
added 2022/04/16 12:00 a.m. | 13 views

FreeBSD : MySQL -- Multiple vulnerabilities (add683be-bd76-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the add683be-bd76-11ec-a06f-d4c9ef517024 advisory. - Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQ...

AI score: 5.6
Exploits: 0 | References: 2

Citrix
added 2022/04/11 12:00 a.m. | 6 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 8

Package name: xms10.13.0.10817.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: April 2022 Languages...

AI score: 6.9
Exploits: 0

IBM Security Bulletins
added 2022/03/24 7:09 p.m. | 30 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center April 2016 CPU (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in April...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.02795
Exploits: 0 | Affected Software: 1

Oracle Linux
added 2022/03/18 12:00 a.m. | 143 views

openssl security update

1.0.2k-24.0.3 - fix CVE-2022-0778 openssl: Fix possible infinite loop in BN_mod_sqrt - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 -...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.70561
Exploits: 2

Positive Technologies
added 2022/03/11 12:00 a.m. | 2 views

PT-2022-12909 · Unknown · Swagger-Ui-Dist

Name of the Vulnerable Software and Affected Versions: swagger-ui-dist versions prior to 4.1.3 Description: The issue allows a remote attacker to hijack the clicking action of the victim by persuading them to visit a malicious website, potentially leading to further attacks against the victim...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01437
Exploits: 0 | References: 10

IBM Security Bulletins
added 2022/02/28 1:33 p.m. | 24 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2332)

Summary IBM Emptoris Strategic Supply Management Platform supports Oracle database server as a backend database. The remediated version of Oracle database server has been certified by IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2332 DESCRIPTION: An...

CVSS: 6.7 | AI score: 6.4 | EPSS: 0.00856
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/02/28 1:31 p.m. | 15 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-2332)

Summary IBM Emptoris Supplier Lifecycle Management supports Oracle database server as a backend database. The remediated version of Oracle database server has been certified by IBM Emptoris Supplier Lifecycle Management. Vulnerability Details CVEID: CVE-2021-2332 DESCRIPTION: An unspecified...

CVSS: 6.7 | AI score: 6.4 | EPSS: 0.00856
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/02/28 1:29 p.m. | 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35557)

Summary IBM Emptoris Strategic Supply Management Platform supports Oracle database server as a backend database. The remediated version of Oracle database server has been certified by IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-35557 DESCRIPTION: An...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.00813
Exploits: 0 | Affected Software: 1