MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches, plus additional third party patches noted below, for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Critical Patch Update Advisory - October 2023
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)
Summary: This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack and has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
CLSA-2023-1696351966 Fix CVE(s): CVE-2022-48541
SECURITY UPDATE: a memory leak that allows remote attackers to perform a denial of service via the "identify -help" command - debian/patches/CVE-2022-48541.patch: added missing calls to destroy methods - CVE-2022-48541...
PT-2023-5267
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One on-prem and SaaS versions (affected versions not specified); Worry-Free Business Security versions (affected versions not specified); Worry-Free Business Security Services versions (affected versions not specified). Description: A...
PT-2023-28078 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-6 Description: The issue is related to improper neutralization of special elements used in an OS command, allowing remote authenticated users to execute arbitrary commands via unspecifi...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
PT-2023-8186 · Mikrotik · Routeros +1
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions 7.1 through 7.11 Description: The issue is related to incorrect access control mechanisms in place for the Rest API, which can allow a remote attacker to disclose protected information. Recommendations: For versions...
PT-2023-4621 · Unknown · Tn-5900 Series
Name of the Vulnerable Software and Affected Versions: TN-5900 Series firmware versions v3.3 and prior Description: The issue stems from insufficient input validation and improper authentication in the key-generation function. This could potentially allow malicious users to execute remote code on...
PT-2023-8075 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified); Foxit PDF Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
PT-2023-8021 · Abb · Abb Freelance Controllers Ac 700F +1
Name of the Vulnerable Software and Affected Versions: ABB Freelance controllers AC 700F versions 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 201...
CVE-2023-35082 – Remote Unauthenticated API Access Vulnerability
DESCRIPTION: Update: Since originally reporting CVE-2023-35082 on 2 August 2023 at 10:00 MDT, Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile EPMM 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below. The risk ...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows an attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
Oracle Solaris Critical Patch Update : jul2023_SRU11_4_59_144_2
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Tomcat. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability...
Oracle WebLogic Server (July 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the July 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Oracle Solaris Critical Patch Update : jul2023_SRU11_3_36_32_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...
Oracle Solaris Critical Patch Update : jul2023_SRU11_4_58_144_3
This Solaris system is missing necessary patches to address critical security updates. The descriptive text and package checks in this plugin were extracted from the Oracle CPU for jul2023...
Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...
Oracle Patch Tuesday, July 2023 Security Update Review
Oracle has released its third quarterly edition of Critical Patch Update, which contains a group of patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and third-party...
Oracle Critical Patch Update Advisory - July 2023
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...