1848 matches found

IBM Security Bulletins
added 2022/06/01 11:21 a.m. | 31 views

Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...

CVSS 5.3 | AI score 0.9 | EPSS 0.00097
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2022/06/01 11:15 a.m. | 40 views

Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

CVSS 5.3 | AI score 0.9 | EPSS 0.00176
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2022/05/24 5:0 p.m. | 11 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout. As per the Magento Release 2.3.3, if you have already...

CVSS 8.8 | AI score 8.9 | EPSS 0.01125
Exploits: 0 | References: 5 | Affected Software: 1
IBM Security Bulletins
added 2022/05/24 10:10 a.m. | 18 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager (CVE-2021-35550).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle October 2021 Critical Patch Update. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 7.1 | AI score 1.7 | EPSS 0.00091
Exploits: 0 | Affected Software: 1
NVD
added 2022/05/17 8:15 p.m. | 15 views

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVSS 7.8 | EPSS 0.00242
Exploits: 1 | References: 1
NVD
added 2022/05/17 8:15 p.m. | 11 views

CVE-2022-24394

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

CVSS 9 | EPSS 0.00616
Exploits: 0 | References: 1
Cvelist
added 2022/05/07 3:40 a.m. | 16 views

CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

CVSS 5.9 | AI score 9.6 | EPSS 0.0025
Exploits: 0 | References: 2
OSV
added 2022/05/03 8:15 p.m. | 2 views

CVE-2022-28783

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name...

CVSS 7.1 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 1
ATTACKERKB
added 2022/05/03 8:15 p.m. | 2 views

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic...

CVSS 4 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 2
Tenable Nessus
added 2022/04/25 12:0 a.m. | 70 views

Oracle Tuxedo RCE (Apr 2022 CPU)

The version of Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability in the bundled Apache Log4J component. Successful exploitation of this vulnerability allows an unauthenticated attacker with network access via HTTP...

CVSS 9.8 | AI score 8.4 | EPSS 0.09452
Exploits: 1 | References: 3
Malwarebytes
added 2022/04/20 2:53 p.m. | 142 views

Oracle releases massive Critical Patch Update containing 520 security patches

Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...

CVSS 7.5 | AI score 9.5 | EPSS 0.94461
Exploits: 73
IBM Security Bulletins
added 2022/04/20 5:11 a.m. | 27 views

Security Bulletin: IBM Emptoris Supplier Lifecycle Management vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Supplier Lifecycle Management supports Oracle database server as an application backend database. Oracle database server is vulnerable to an unspecified vulnerability that has been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecified vulnerabilit...

CVSS 4 | AI score 3.8 | EPSS 0.00753
Exploits: 5 | Affected Software: 1
Tenable Nessus
added 2022/04/20 12:0 a.m. | 73 views

Oracle Solaris Critical Patch Update : apr2022_SRU11_4_42_113_1

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to t...

CVSS 8.2 | AI score 6.6 | EPSS 0.01333
Exploits: 0 | References: 5
IBM Security Bulletins
added 2022/04/19 5:55 a.m. | 24 views

Security Bulletin: IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Contract Management supports usage of Oracle Database Server as a backend application database. Oracle Database Server is vulnerable to unspecified vulnerabilities that have been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecified vulnerability i...

CVSS 4 | AI score 3.8 | EPSS 0.00753
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
added 2022/04/19 5:54 a.m. | 31 views

Security Bulletin: IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Summary IBM Emptoris Strategic Supply Management Platform supports usage of Oracle Database Server as a backend application database. Oracle Database Server is vulnerable to unspecified vulnerabilities that have been addressed. Vulnerability Details CVEID: CVE-2021-35576 DESCRIPTION: An unspecifie...

CVSS 4 | AI score 3.8 | EPSS 0.00753
Exploits: 5 | Affected Software: 1
CISA
added 2022/04/19 12:0 a.m. | 10 views

Oracle Releases April 2022 Critical Patch Update

Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle April 2022...

AI score 2.5
Exploits: 0 | References: 1
Oracle
added 2022/04/19 12:0 a.m. | 755 views

Oracle Critical Patch Update Advisory - April 2022

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10 | AI score 9 | EPSS 0.94479
Exploits: 775 | Affected Software: 171
FreeBSD
added 2022/04/16 12:0 a.m. | 74 views

MySQL -- Multiple vulnerabilities

Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS 7.5 | AI score 7.3 | EPSS 0.4254
Exploits: 2 | References: 1
Tenable Nessus
added 2022/04/16 12:0 a.m. | 13 views

FreeBSD : MySQL -- Multiple vulnerabilities (add683be-bd76-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the add683be-bd76-11ec-a06f-d4c9ef517024 advisory. - Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQ...

AI score 5.6
Exploits: 0 | References: 2
Citrix
added 2022/04/11 12:0 a.m. | 5 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 8

Package name: xms10.13.0.10817.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: April 2022 Languages...

AI score 6.9
Exploits: 0