Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
Abstract Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 CVE-2013-5830 CVE-2013-582...
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
Abstract The IBM WebSphere Partner Gateway is shipped with an IBM Java SDK that is based on the Oracle SDK. Oracle has released April 2013 critical patch updates CPU which contain security vulnerability fixes and the IBM Java SDK that WebSphere Partner Gateway ships is affected. Content...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an October 2013 Critical Patch Update CPU that contains security vulnerability...
Security Bulletin: Multiple vulnerabilities in the IBM Java SDK
Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 8 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-4002 CVE-2013-2468 CVE-2013-2469...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 7 additional vulnerabilities Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-2468 CVE-2013-2469 CVE-2013-2465...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an April 2013 Critical Patch Update CPU that contains security vulnerability...
Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0169)
Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager. Content The products that are listed below can be affected by security vulnerabilities as reported by Oracle April 2013 Critical Patch updates: · IBM FileNet Busine...
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released a June 2013 Critical Patch Update CPU that contains security vulnerability fix...
PT-2022-5156 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 17.3 and earlier Adobe InCopy versions 16.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability in memory. This could allow an attacker to gain unauthorized access to protected...
PT-2022-24357 · Lief · Lief
Name of the Vulnerable Software and Affected Versions: LIEF version 5d1d643 Description: A segmentation violation was discovered in LIEF via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp. Recommendations: For LIEF version 5d1d643, update to a version that...
PT-2022-24427 · Lief · Lief
Name of the Vulnerable Software and Affected Versions: LIEF version 365a16a Description: A heap-buffer overflow issue was discovered via the function print_binary at /c/macho_reader.c. This issue affects LIEF and can be exploited. Recommendations: For LIEF version 365a16a, update to a version tha...
PT-2022-5235 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 11.1.3 and earlier Adobe Bridge versions 12.0.2 and earlier Description: The issue is related to a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this...
PT-2022-5114 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 22.5.8 and earlier Adobe Photoshop versions 23.4.2 and earlier Description: The issue is related to an out-of-bounds write that could result in arbitrary code execution in the context of the current user. Exploitation...
Design/Logic Flaw
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
PT-2022-19583 · WordPress · Wp-Useronline
Name of the Vulnerable Software and Affected Versions: WP-UserOnline plugin for WordPress versions up to, and including 2.88.0 Description: The issue is due to the lack of proper sanitization and escaping of user input in the "Naming Conventions" section, allowing authenticated attackers with...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle January 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity...
Elastic Stack 8.4.0, 7.17.6 Security Statement
Elastic Statement for Oracle July Critical Patch Update CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169 Summary : Oracle released their July Critical Patch Update for Java SE which contains 5 CVEs. Elastic has analyzed the flaws described by these CVEs and the...
PT-2022-14566 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a missing permission check in the SELinux policy, which could allow local information disclosure about the websites being opened in the browser. This can be exploited without...
Oracle Solaris Critical Patch Update : jul2022_SRU11_4_42_113_1
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with log...