Oracle Business Intelligence Publisher (October 2012 CPU)
According to the self-reported version of the remote Oracle Business Intelligence Publisher install, it is missing the October 2012 Critical Patch Update. It is, therefore, affected by multiple reflected cross-site scripting vulnerabilities and an XML eXternal Entity (XXE) injection vulnerability...
VMSA-2014-0002 : VMware vSphere updates to third-party libraries
a. DDoS vulnerability in NTP third-party libraries The NTP daemon has a DDoS vulnerability in the handling of the 'monlist' command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. Mitigation Mitigation...
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
IBM SECURITY ADVISORY First Issued: Thu Mar 6 13:24:59 CST 2014 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajan2014advisory.asc...
Four Oracle Demantra Security Vulnerabilities Found
Oracle’s Demantra, part of the company’s Value Chain Planning suite of software, is fraught with vulnerabilities according to several bug disclosures issued over the weekend. Researchers at the London-based computer security firm Portcullis claim the application is plagued by four vulnerabiliti...
RHEL 5 : mysql55-mysql (RHSA-2014:0186)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0186 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...
Moderate: Red Hat Security Advisory: mysql55-mysql security update
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Information on recently-fixed Oracle VM VirtualBox vulnerabilities
Hi there, Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update at...
Oracle Identity Manager (April 2012 CPU)
The remote host is missing the April 2012 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability related to User Config Management.
kernel to 3.11.10 (important)
The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs: - floppy: bail out in open if drive is not responding to block0 read bnc773058. - compatsysrecvmmsg X32 fix bnc860993 CVE-2014-0038. - HID: usbhid: fix sis quirk bnc859804. - hwmon: coretemp Fix truncated name of...
Oracle Identity Manager (October 2013 CPU)
The remote host is missing the October 2013 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability in the End User Self Service component of the application.
Oracle Identity Manager Identity Console (January 2014 CPU)
The remote host is missing the January 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, potentially affected by multiple, unspecified vulnerabilities in the Identity Console sub-component of Oracle Identity Manager.
EC-CUBE vulnerable to authorization bypass
Overview EC-CUBE contains an authorization bypass vulnerability. EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). The developer reported this vulnerability to JPCERT/CC under Information Security...
Oracle E-Business (January 2014 CPU)
The version of Oracle E-Business installed on the remote host is missing the January 2014 Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components: - Oracle Payroll - Oracle Application Object Library - Oracle Applications Framework
Oracle Patches 36 Java Flaws in January 2014 CPU
All has been relatively quiet of late on the Java security front, which is in stark contrast to a year ago when Java was the scourge of the Internet. Vulnerabilities in Java were being exploited at an alarming rate in a number of targeted attacks including watering hole attacks against prominent...
Oracle Releases January 2014 Security Advisory
Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 22 for Oracle Fusion Middleware 2 for Oracle Hyperion 4 for Oracle E-Business Suite 16 for Oracle...
Oracle Critical Patch Update - January 2014
A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the develope...
FreeBSD-SA-13:14.openssh
FreeBSD-SA-13:14.openssh Security Advisory The FreeBSD Project Topic: OpenSSH AES-GCM memory corruption vulnerability Category: contrib Module: openssh Announced:...
Oracle Java java.awt.image.ByteComponentRaster Overflow
Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...