FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)

Oracle reports : The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)

The remote Oracle Database Server is missing the July 2016 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as FREAK Factoring attack on RSA-EXPORT Keys, exists in the RDBMS HTTPS Listener package due to the suppo...

Oracle Fixes 276 Vulnerabilites in July Critical Patch Update

Oracle has one-upped itself once again. The company fixed a record 276 vulnerabilities – more than half of which are remotely exploitable – as part of its July Critical Patch Update released Tuesday afternoon. The quarterly patch update resolves vulnerabilities in 84 different products, including...

Oracle Solaris Critical Patch Update : jul2016_SRU11_2_14_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacke...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Ju...

Debian DSA-3621-1 : mysql-connector-java - security update

A vulnerability was discovered in mysql-connector-java, a Java database JDBC driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was...

Oracle Critical Patch Update - July 2016

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

KLA10954 Remote Security Vulnerability in Oracle VM VirtualBox

A remote security vulnerability was found in Oracle Virtualization Oracle VM VirtualBox component. By exploiting this vulnerability malicious users can gain privileges and cause a partial denial of service. This vulnerability can be exploited remotely over the HTTP protocol. Technical details...

Oracle Outside in Libraries Elevation of Privilege Vulnerabilities

This security update addresses the following vulnerabilities, which are described in Oracle Critical Patch Update Advisory - January 2016: CVE-2015-6013: Oracle Outside In 8.5.2 WK4 stack buffer overflow CVE-2015-6014: Oracle Outside In 8.5.2 DOC stack buffer overflow CVE-2015-6015: Oracle OIT...

Critical: Red Hat Security Advisory: rh-mysql56-mysql security update

An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Debian DSA-3557-1 : mysql-5.5 - security update

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...

Oracle Database Multiple Vulnerabilities (April 2016 CPU)

The remote Oracle Database Server is missing the April 2016 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities in the following components : - An unspecified flaw exists in the RDBMS Security component that allows a local attacker to cause a denial of service...

[SECURITY] [DSA 3557-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3557-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 26, 2016 https://www.debian.org/security/faq -...

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

EC-CUBE fails to restrict access permissions

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN47473944. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

EC-CUBE fails to restrict access permissions

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Note that this vulnerability is different from JVN11458774. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

Oracle's April patch update fixes 1 3 6 vulnerability-vulnerability warning-the black bar safety net

This week,Oracle Corporation in this quarterly critical vulnerabilities to repair program,to fix the present in 4 of 6 different products in 1 3 6 vulnerabilities. Which has more than half of the vulnerabilitiesa total of 7 2have been a corresponding CVE number,these vulnerabilities can in no...

Critical: Red Hat Security Advisory: java-1.8.0-oracle security update

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which give...

Oracle Solaris Critical Patch Update : apr2016_SRU11_3_5_6_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Automated Installer. The supported version that is affected is 11.3. Easily exploitable vulnerability allows...

Oracle iPlanet Web Proxy Server 4.0.x < 4.0.27 NSS ASN.1 Decoder RCE (April 2016 CPU)

According to its self-reported version, the Oracle iPlanet Web Proxy Server formerly known as Sun Java System Web Proxy Server installed on the remote host is version 4.0.x prior to 4.0.27. It is, therefore, affected by a heap buffer overflow condition in the ASN.1 decoder in the Network Security...