Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July...
EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1011)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when...
Kernel security update: CVE-2017-5970 and other; Virtuozzo ReadyKernel patch 20.0 for Virtuozzo 7.0.x
The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 Virtuozzo 7.0.0, 3.10.0-327.36.1.vz7.18.7 Virtuozzo 7.0.1, and 3.10.0-327.36.1.vz7.20.18 Virtuozzo 7.0.3. Vulnerability id: CVE-2017-5970 A vulnerability was fou...
Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...
Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities
Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...
Oracle Database Multiple Vulnerabilities (April 2017 CPU)
The remote Oracle Database Server is missing the April 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the SQL*Plus component that allows a local attacker to impact confidentiality, integrity, and availability. CVE-2017-3486 ...
Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)
The version of Oracle E-Business installed on the remote host is missing the April 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Oracle Marketing component within the User Interface subcomponent that allows...
Oracle Identity Manager Rules Engine Vulnerability (April 2017 CPU)
The remote host is missing the April 2017 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability in the Rules Engine subcomponent that allows an authenticated, remote attacker to impact confidentiality, integrity, and availability...
MySQL -- multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle April...
Word 0-day vulnerability exposed: no need to enable macros, opening the document automatically installs a malicious program - vulnerability warning - the black bar safety net
In fact, using Word macros to distribute malicious programs is a conventional method today, so many people choose to disable macros; but if disabling macros is useless, the danger of such a malicious Word document is quite different. Recently, McAfee and FireEye security...
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies
SAP’s patch update for this month included a fix for a critical remote code execution vulnerability in the SAP GUI client that provides remote access to a central SAP server in a corporate network. Researchers at ERPScan, a Dutch company specializing in business application security, disclosed so...
Command injection
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance IWSVA version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance IWSVA version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...
CVE-2016-9269
CVE-2016-9269 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5.x before Build 1737. The vulnerability lies in the ManagePatches servlet (com.trend.iwss.gui.servlet.ManagePatches) where insecure access controls during patch updates allow an authenticated, remote user with l...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-278)
This update for java-1_7_0-openjdk fixes the following issues : - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905 : - Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...
SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2017:0490-1)
This update for java-1_7_0-openjdk fixes the following issues : - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905 : - Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2017:0513-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...