1848 matches found
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which...
Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after)
The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or...
Oracle Solaris Third-Party Patch Update : python (cve_2010_1634_integer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as...
Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3707_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds rea...
RHEL 5 : ntp (RHSA-2014:2025)
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
VMware Releases Patches for XSS, Cert. Validation Issue
VMware released a handful of patches late last week to fix several vulnerabilities, including a nasty cross-site scripting issue in one of its server virtualization platforms. The vulnerabilities lie in VMware’s vCenter Server Appliance vCSA – a module for VMware’s vCenter Server. The main bug, a...
CentOS 7 : mariadb (CESA-2014:1861)
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20141117)
This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463,...
RHEL 7 : mariadb (RHSA-2014:1861)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1861 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities ...
Important: Red Hat Security Advisory: mariadb security update
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
Nibbleblog 4.0.1 Cross Site Scripting
============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY...
SuSE 11.3 Security Update : Java OpenJDK (SAT Patch Number 9906)
Oracle Critical Patch Update Advisory - October 2014 Description : A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html ...
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
Hello All, We've been recently informed by a 3rd party that Oracle planned to release fixes for the vulnerabilities covered by our SE-2014-01 [1] project in Nov 2014. We initially thought that someone mistakenly took Oct for Nov (Oracle CPU was released on Oct 14, 2014), but the credibility of the...
Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)
The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution. ...
Oracle Access Manager (October 2014 CPU)
The version of Oracle Access Manager installed on the remote host is affected by multiple unspecified vulnerabilities in the Admin Console. CVE-2014-6462, CVE-2014-6552, CVE-2014-6553, CVE-2014-6554 ...
SUSE-SU-2015:0833-1 Security update for Java OpenJDK
Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html...
SUSE-SU-2015:0336-1 Security update for Java OpenJDK
Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html...
Debian DSA-3054-1 : mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : -...
Oracle Java SE remote security vulnerability (CVE-2014-6456) - vulnerability warning - the black bar safety net
Affected system: Oracle Java SE 8u20 Oracle Java SE 7u67 Description: BUGTRAQ ID: 70522 CVECAN ID: CVE-2014-6456 Java SE is based on the JDK and the JRE of the Java Platform, Standard Edition, for developing and deploying desktop, server and embedded devices and real-time environment of ...
Oracle E-Business Multiple Vulnerabilities (October 2014 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2014 Oracle Critical Patch Update CPU. It is, therefore, affected by vulnerabilities in the following components : - Oracle Application Technology Stack - Oracle Applications Framework - Oracle Applications Objec...