Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. For more information please refer to Oracle's October 2022 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2022-21628...
Oracle Essbase (April 2023 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including the following that are remotely exploitable: - Vulnerability in Security and Provisioning component o...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_55_138_3
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 34 new security patches, plus additional third party patches noted below, for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_46_119_2
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: NSSwitch. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with...
PT-2023-2386 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: The issue exists due to improper input validation when uploading a Device Pack, allowing an authenticated, remote attacker to execute arbitrary commands with...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_56_138_2
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_54_138_1
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: IPS repository daemon. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attack...
Oracle WebLogic Server (Apr 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue...
Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting...
Important: kernel-livepatch-4.14.305-227.531
Issue Overview: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. CVE-2023-26545 Affected Packages: kernel-livepatch-4.14.305-227.531 Issue Correction:...
CLSA-2023-1679943745 Fix CVE(s): CVE-2023-25690
SECURITY UPDATE: proxy configuration may trigger HTTP request smuggling attack - debian/patches/CVE-2023-25690.patch: don't forward invalid query strings - CVE-2023-25690...
PT-2023-1772 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue exists due to insufficient input validation in the Procedure Call Runtime of Windows operating systems. This allows a remote attacker to execute arbitrary code. Recommendation...
PT-2023-1825 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.0.0 and earlier Description: The issue is caused by improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, whe...
Oracle Database 19c Access Bypass Vulnerability
Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...
CLSA-2023-1678136704 Fix CVE(s): CVE-2023-24329
SECURITY UPDATE: Improper input validation - debian/patches/CVE-2023-24329-v2.7.patch: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character - CVE-2023-24329...
SUSE SLES12 Security Update : kernel (Live Patch 37 for SLE 12 SP5) (SUSE-SU-2023:0525-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0525-1 advisory. - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file...
PT-2023-15068 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 1.6.0p29 Checkmk versions 2.0.0 through 2.0.0p27 Checkmk versions 2.1.0 through 2.1.0p10 Description: The issue allows an attacker to inject and execute PHP code in the auth.php and hosttags.php files of the...