
1965 matches found

Tenable Nessus
added 2020/04/29 12:0 a.m. | 60 views

Oracle Tuxedo Information Disclosure (Apr 2018 CPU)

The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability due to a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. An...

CVSS 6.5 | AI score 7.5 | EPSS 0.10133
Exploits 0 | References 2

Tenable Nessus
added 2020/04/24 12:0 a.m. | 33 views

FreeBSD : MySQL Client -- Multiple vulnerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)

Oracle reports : This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. C Tenable Network Security, Inc. The descriptive...

CVSS 5.3 | AI score 6.3 | EPSS 0.032
Exploits 0 | References 7

Prion
added 2020/04/17 3:15 p.m. | 15 views

Design/Logic Flaw

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running t...

CVSS 6.5 | AI score 8.6 | EPSS 0.00861
Exploits 0 | References 1 | Affected Software 2

Tenable Nessus
added 2020/04/16 12:0 a.m. | 29 views

Oracle Solaris Critical Patch Update : apr2020_SRU11_4_15_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Whodo. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with log...

CVSS 2.5 | AI score 5.5 | EPSS 0.00536
Exploits 3 | References 4

CISA
added 2020/04/15 12:0 a.m. | 8 views

Oracle Releases April 2020 Security Bulletin

Oracle has released its Critical Patch Update for April 2020 to address 397 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

AI score 7.1
Exploits 0 | References 1

Tenable Nessus
added 2020/04/15 12:0 a.m. | 74 views

Oracle Oracle E-Business Suite (Apr 2020 CPU)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2020 Oracle Critical Patch Update (CPU) advisory, including the following: - A vulnerability in the Oracle Email Center product of...

CVSS 8.6 | AI score 6.7 | EPSS 0.66186
Exploits 1 | References 75

Tenable Nessus
added 2020/04/15 12:0 a.m. | 356 views

Oracle Database Server Multiple Vulnerabilities (Apr 2020 CPU)

The remote Oracle Database Server is missing the April 2020 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Multimedia component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable...

CVSS 8 | AI score 6.3 | EPSS 0.2258
Exploits 2 | References 9

Oracle
added 2020/04/14 12:0 a.m. | 179 views

Oracle Critical Patch Update Advisory - April 2020

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be...

CVSS 10 | AI score 8.9 | EPSS 0.99964
Exploits 192 | Affected Software 138

Positive Technologies
added 2020/03/28 12:0 a.m. | 4 views

PT-2020-6849

Name of the Vulnerable Software and Affected Versions: Pi-hole Web version 4.3.2. Description: The issue allows remote code execution by privileged dashboard users via a crafted DHCP static lease. This is due to the failure to neutralize special elements used in the operating system command...

CVSS 9.1 | AI score 9.2 | EPSS 0.77847
Exploits 13 | References 27

The Hacker News
added 2020/03/12 2:30 p.m. | 389 views

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, track...

CVSS 10 | AI score 2.4 | EPSS 0.9981
Exploits 124

IBM Security Bulletins
added 2020/02/27 12:2 p.m. | 18 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager.

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle October 2019 Critical Patch Update. Vulnerability Details: Refer to the security...

AI score 2.6
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/02/17 5:19 p.m. | 26 views

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager (CVE-2019-11771, CVE-2019-4473)

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle July 2019 Critical Patch Update. Vulnerability Details: CVEID: CVE-2019-4473...

CVSS 8.4 | AI score 0.4 | EPSS 0.0045
Exploits 0 | Affected Software 1

Cvelist
added 2020/02/11 5:8 p.m. | 12 views

CVE-2015-2287

...

Exploits 0

Apache Tomcat
added 2020/02/11 12:0 a.m. | 1066 views

Fixed in Apache Tomcat 9.0.31

Important: AJP Request Injection and potential Remote Code Execution CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. I...

CVSS 9.8 | AI score 9 | EPSS 0.9927
Exploits 44 | Affected Software 1

IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 29 views

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Application Developer for WebSphere (CVE-2014-0453)

Summary: There is a vulnerability in IBM SDK Java Technology Edition, Versions 5, 6, and 7 that is used by Rational Application Developer for WebSphere. This issue was disclosed as part of the IBM Java SDK updates in April 2014. Vulnerability Details: ...

CVSS 4 | AI score 0.3 | EPSS 0.05471
Exploits 0 | Affected Software 1

Tenable Nessus
added 2020/01/24 12:0 a.m. | 48 views

Oracle E-Business Suite Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle E-Business installed on the remote host is missing the January 2020 Oracle Critical Patch Update (CPU). It is, as noted in the January 2020 Critical Patch Update advisory, affected by flaws in the following components : - Oracle Human Resources - Oracle CRM Technical Foundatio...

CVSS 9.9 | AI score 6.8 | EPSS 0.01508
Exploits 0 | References 24

Tenable Nessus
added 2020/01/23 12:0 a.m. | 29 views

MySQL Cluster 7.2.x < 7.2.33 / 7.3.x < 7.3.21 / 7.4.x < 7.4.19 / 7.5.x < 7.5.10 Denial of Service Vulnerability

The version of MySQL Cluster running on the remote host is 7.2.x prior to 7.2.33, 7.3.x prior to 7.3.21, 7.4.x prior to 7.4.19 or 7.5.x prior to 7.5.10. It is, therefore, affected by a denial of service vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster:...

CVSS 5 | AI score 5.8 | EPSS 0.0047
Exploits 0 | References 3

The Hacker News
added 2020/01/18 1:11 p.m. | 229 views

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch ye...

CVSS 7.6 | AI score 1.4 | EPSS 0.86863
Exploits 17

Tenable Nessus
added 2020/01/16 12:0 a.m. | 27 views

Oracle Solaris Critical Patch Update : jan2020_SRU11_4_16_4_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 5.8 | AI score 5.9 | EPSS 0.01776
Exploits 2 | References 6

Tenable Nessus
added 2020/01/16 12:0 a.m. | 1458 views

MySQL 5.7.x < 5.7.29 Multiple Vulnerabilities (Jan 2020 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.29. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2020 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle...

CVSS 9.8 | AI score 5.8 | EPSS 0.17939
Exploits 0 | References 15