1965 matches found

Oracle
added 2021/01/19 12:0 a.m. | 390 views

Oracle Critical Patch Update Advisory - January 2021

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.9986
Exploits: 210 | Affected Software: 121

Positive Technologies
added 2021/01/14 12:0 a.m. | 4 views

PT-2021-14078

Name of the Vulnerable Software and Affected Versions: acmailer versions 4.0.1 and earlier; acmailer DB versions 1.1.3 and earlier. Description: The issue allows remote attackers to execute an arbitrary OS command or gain administrative privilege, potentially resulting in the obtaining of sensitive...

CVSS: 10 | AI score: 9.7 | EPSS: 0.07871
Exploits: 0 | References: 7

IBM Security Bulletins
added 2020/12/14 6:38 p.m. | 13 views

Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology shipped with IBM Maximo Asset Management (CVE-2020-14782)

Summary: CVE-2020-14782 was disclosed as part of the October 2020 Critical Patch Update. Java is used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...

CVSS: 4.3 | AI score: 1.5 | EPSS: 0.02245
Exploits: 0 | Affected Software: 20

Citrix
added 2020/11/20 12:0 a.m. | 8 views

Hotfix XS80E005 - For Citrix Hypervisor 8.0

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.0. All customers who are affected by the issues described in CTX263477 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Ensure that you also install CTX258428 - Hotfix XS80E006 - For...

AI score: 7.4
Exploits: 0

IBM Security Bulletins
added 2020/11/04 7:9 a.m. | 15 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle Jul 2020 Critical Patch Update. Vulnerability Details: Refer to the security...

AI score: 2.6
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2020/11/04 12:0 a.m. | 90 views

Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2020 CPU)

The version of Oracle Business Intelligence Publisher or Oracle Analytics Server 5.5 running on the remote host is 11.1.1.9.x prior to 11.1.1.9.201020, 12.2.1.3.x prior to 12.2.1.3.201020, 12.2.1.4.x prior to 12.2.1.4.201020, or 12.2.5.5.x OAS 5.5 prior to 12.2.5.5.201012. It is, therefore,...

CVSS: 8.5 | AI score: 7 | EPSS: 0.87218
Exploits: 4 | References: 7

ThreatPost
added 2020/11/03 1:57 p.m. | 849 views

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication, meaning it may be exploited over a network without...

CVSS: 10 | EPSS: 0.99997
Exploits: 85 | References: 25

ThreatPost
added 2020/10/21 5:21 p.m. | 914 views

Oracle Kills 402 Bugs in Massive October Patch Update

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update (CPU), which fixes 402 vulnerabilities across various product families. Well over half (272) of these vulnerabilities open products up to remote exploitation withou...

CVSS: 7.5 | AI score: 1.3 | EPSS: 0.80291
Exploits: 13 | References: 5

Tenable Nessus
added 2020/10/21 12:0 a.m. | 373 views

Oracle Solaris Critical Patch Update : oct2020_SRU11_4_24_75_2

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon t...

CVSS: 10 | AI score: 6.7 | EPSS: 0.80291
Exploits: 13 | References: 6

Tenable Nessus
added 2020/10/21 12:0 a.m. | 98 views

Oracle Solaris Critical Patch Update : oct2020_SRU11_4_26_75_4

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to th...

CVSS: 5.6 | AI score: 6.1 | EPSS: 0.00379
Exploits: 0 | References: 5

CISA
added 2020/10/20 12:0 a.m. | 7 views

Oracle Releases October 2020 Security Bulletin

Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users a...

AI score: 7.1
Exploits: 0 | References: 1

Kaspersky
added 2020/10/20 12:0 a.m. | 47 views

KLA11984 Multiple vulnerabilities in Oracle VirtualBox

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security vulnerability in Core component of Oracle VM...

CVSS: 8.2 | AI score: 7 | EPSS: 0.00714
Exploits: 0 | References: 3

Oracle
added 2020/10/20 12:0 a.m. | 208 views

Oracle Critical Patch Update Advisory - October 2020

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS: 10 | AI score: 8.9 | EPSS: 0.99997
Exploits: 260 | Affected Software: 146

OPENSUSE Linux
added 2020/09/26 12:0 a.m. | 54 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51. Announcement ID: openSUSE-SU-2020:1536-1. Rating: important. References: 1172177. Cross-References: CVE-2020-8164. Affected Products: openSUSE Leap 15.2. An update that fixes one vulnerability is now available. Description: This updat...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.04198
Exploits: 1 | References: 1

OSV
added 2020/09/11 5:15 p.m. | 2 views

CVE-2020-1074

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.53399
Exploits: 0 | References: 1

OSV
added 2020/09/11 5:15 p.m. | 2 views

CVE-2020-0928

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.01129
Exploits: 0 | References: 1

Positive Technologies
added 2020/09/09 12:0 a.m. | 6 views

PT-2020-8619 · Ingenico · Ingenico Telium 2

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N. Description: The issue concerns undeclared TRACE protocol commands in Ingenico Telium 2 POS terminals. This problem is resolved in Telium 2 SDK v9.32.03 patch N...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00561
Exploits: 1 | References: 7

OSV
added 2020/09/03 12:33 a.m. | 12 views

GHSA-J5QG-46P9-W2RP Malicious Package in jekyll-for-github-projects

Version 0.2.12 of jekyll-for-github-projects contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment...

AI score: 7.2
Exploits: 0 | References: 1

OpenVAS
added 2020/08/11 12:0 a.m. | 11 views

openSUSE: Security Advisory for go1.13 (openSUSE-SU-2020:1178-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.04692
Exploits: 0 | References: 2

Cloud Foundry
added 2020/08/10 12:0 a.m. | 60 views

PXC Release update for April 2020 MySQL security patches | Cloud Foundry

Severity: Critical. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilities patched in the April 2020 Critical Patch Update, including the following high and critical issues:...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.17939
Exploits: 0