
1964 matches found

Positive Technologies
added 2022/01/18 12:0 a.m. · 5 views

PT-2022-6851

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0. Description: The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE an...

CVSS 5.3 · AI score 6.8 · EPSS 0.02877
Exploits: 0 · References: 220

Oracle
added 2022/01/18 12:0 a.m. · 494 views

Oracle Critical Patch Update Advisory - January 2022

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 · AI score 8.9 · EPSS 0.99999
Exploits: 708 · Affected Software: 170

Positive Technologies
added 2022/01/18 12:0 a.m. · 4 views

PT-2022-6842

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0. Description: The issue is related to an easily exploitable vulnerability in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise...

CVSS 5.3 · AI score 6.8 · EPSS 0.03091
Exploits: 0 · References: 184

IBM Security Bulletins
added 2022/01/14 9:51 p.m. · 37 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - October 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...

AI score 2.8 · EPSS 0.06868
Exploits: 0 · Affected Software: 14

Positive Technologies
added 2022/01/14 12:0 a.m. · 4 views

PT-2022-10089 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS versions prior to 1.0.473 and 1.1.6 Description: The issue allows an attacker with "create, modify and delete website pages" privileges in the backend to execute PHP code by running specially crafted Twig code in the template...

CVSS 8.8 · AI score 8.7 · EPSS 0.01336
Exploits: 0 · References: 8

Positive Technologies
added 2021/12/19 12:0 a.m. · 2 views

PT-2022-5002 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.35.5 and earlier, 1.36.x before 1.36.3, 1.37.x before 1.37.1 Description: The issue is related to Blind Stored XSS via a URL to the Upload Image feature. This could allow a remote attacker to conduct a cross-site scriptin...

CVSS 9.4 · AI score 5.9 · EPSS 0.01808
Exploits: 7 · References: 77

IBM Security Bulletins
added 2021/12/15 10:59 a.m. · 22 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2335)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2335 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an authenticated...

CVSS 3.5 · AI score 3.8 · EPSS 0.00607
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:56 a.m. · 23 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2335)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2335 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component...

CVSS 3.5 · AI score 3.8 · EPSS 0.00607
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:55 a.m. · 20 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2335)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2335 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

CVSS 3.5 · AI score 3.9 · EPSS 0.00607
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:53 a.m. · 17 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an authenticated...

CVSS 3.5 · AI score 3.8 · EPSS 0.00729
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:51 a.m. · 23 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Strategic Supply Management Platform. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component...

CVSS 3.5 · AI score 3.8 · EPSS 0.00729
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:50 a.m. · 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2334)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2021-2334 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an...

CVSS 3.5 · AI score 3.8 · EPSS 0.00729
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:47 a.m. · 17 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2336)

Summary An Oracle database server vulnerability was addressed by IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could allow an authenticated...

CVSS 3.5 · AI score 3.8 · EPSS 0.00607
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/12/15 10:46 a.m. · 16 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-2336)

Summary An Oracle database server vulnerability was addressed in IBM Emptoris Supplier Lifecycle Management. Vulnerability Details CVEID: CVE-2021-2336 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database - Enterprise Edition Data Redaction component could...

CVSS 3.5 · AI score 3.8 · EPSS 0.00607
Exploits: 0 · Affected Software: 1

Citrix
added 2021/12/15 12:0 a.m. · 6 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 5

Package name: xms10.13.0.10528.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin Date: December 2021 Languages supported: English US Important notes about this update As a best...

AI score 6.9
Exploits: 0

IBM Security Bulletins
added 2021/12/03 1:17 p.m. · 33 views

Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition used by IBM Data Studio Client

Summary CVE-2021-2161 was disclosed in the Oracle April 2021 Patch Update. Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...

CVSS 5.9 · AI score 5.3 · EPSS 0.03125
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2021/11/30 2:1 p.m. · 36 views

Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-2341 was disclosed as part of the Oracle July 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information...

CVSS 4.3 · AI score 5.3 · EPSS 0.04238
Exploits: 0 · Affected Software: 1

CNNVD
added 2021/11/24 12:0 a.m. · 4 views

Bitdefender Endpoint Security Tool Security Vulnerability

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in Bitdefender Endpoint Security Tools that stems from improper access control in the patch update API implemented in the software, which allows an...

CVSS 10 · AI score 8.3 · EPSS 0.02682
Exploits: 0 · References: 2

The Hacker News
added 2021/11/23 12:6 p.m. · 48 views

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...

CVSS 7.5 · AI score 7.6 · EPSS 0.00791
Exploits: 0

OSV
added 2021/11/23 12:15 a.m. · 19 views

CVE-2021-40830

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

CVSS 8.8 · AI score 8.6
Exploits: 0 · References: 5