Oracle Database Multiple Vulnerabilities (October 2017 CPU)

The remote Oracle Database Server is missing the October 2017 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note tha...

MySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)

The version of MySQL running on the remote host is 5.5.x prior to 5.5.58. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...

MySQL 5.6.x < 5.6.38 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)

The version of MySQL running on the remote host is 5.6.x prior to 5.6.38. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has no...

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...

Oracle Patches 250 Bugs in Quarterly Critical Patch Update

Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Oracle October 2017...

Oracle Critical Patch Update - October 2017

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

PT-2017-4168

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.1.10 Roundcube Webmail versions 1.2.x prior to 1.2.7 Roundcube Webmail versions 1.3.x prior to 1.3.3 Description The issue is related to file-based attachment plugins and allows unauthorized access to...

Apache Struts2–052 vulnerability research alert-vulnerability warning-the black bar safety net

The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type of filtering and this can lead to Remote Code Execution when deserializing XML payloads. - The Apache Struts civil peace Bulletinreference 1 2017 9 5 March, the Apache Struts announcement of...

CVE–2017–8543 Windows Search remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT confirm the number CVE-2017-8543 Microsoft Windows Search serious vulnerability there is a remote attack the viability of the vulnerability being successfully exploited on Windows users have a serious security threat, this is again warning the use of Windows platform users...

Oracle Database Multiple Vulnerabilities (July 2017 CPU) (POODLE) (SWEET32)

The remote Oracle Database Server is missing the July 2017 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting...

Oracle Solaris Critical Patch Update : jul2017_SRU11_3_20_6_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attack...

Oracle Solaris Critical Patch Update : jul2017_SRU11_3_2_4_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: NFSv4. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated...

Oracle Solaris Critical Patch Update : jul2017_SRU11_3_0_0_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Network Services Library. The supported version that is affected is 10. Difficult to exploit vulnerability allows lo...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July...

EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1011)

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when...

Kernel security update: CVE-2017-5970 and other; Virtuozzo ReadyKernel patch 20.0 for Virtuozzo 7.0.x

The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 Virtuozzo 7.0.0, 3.10.0-327.36.1.vz7.18.7 Virtuozzo 7.0.1, and 3.10.0-327.36.1.vz7.20.18 Virtuozzo 7.0.3. Vulnerability id: CVE-2017-5970 A vulnerability was fou...

Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...

Oracle E-Business Multiple Vulnerabilities (April 2017 CPU)

The version of Oracle E-Business installed on the remote host is missing the April 2017 Oracle Critical Patch Update CPU. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Oracle Marketing component within the User Interface subcomponent that allows...