Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability v...
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...
Oracle Solaris Critical Patch Update : jul2021_SRU11_3_36_26_0
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption OpenSSL. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable...
Oracle Solaris Critical Patch Update : jul2021_SRU11_4_34_94_4
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to t...
Solaris 10 (sparc) : 153100-03
SunOS 5.10: Install and Patch Utilities Patch. Date this patch was last updated by Sun: Jul/19/21. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Oracle Releases July 2021 Critical Patch Update
Oracle has released its Critical Patch Update for July 2021 to address 342 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2021 Critica...
Oracle Critical Patch Update Advisory - July 2021
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...
PT-2021-3944 · Adobe · Media Encoder
Name of the Vulnerable Software and Affected Versions: Adobe Media Encoder versions 15.2 and earlier Description: The issue is caused by a buffer overflow when parsing a specially crafted file, potentially allowing a remote attacker to execute arbitrary code. An unauthenticated attacker could...
Debian DLA-2709-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2709 advisory. - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted...
Design/Logic Flaw
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against...
PT-2021-3528
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Print Spooler (affected versions not specified) Description: The Windows Print Spooler service contains a flaw in how it handles file operations, potentially allowing a remote attacker to execute arbitrary code with SYSTEM...
Unbreakable Enterprise kernel-container security update
5.4.17-2102.202.5 - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed Mirzamohammadi...
Exploit for CVE-2021-2173
CVE-2021-2173 CVE-2021-2173 PoC is explained here: ht...
Security update for polkit (important)
openSUSE Security Update: Security update for polkit Announcement ID: openSUSE-SU-2021:0838-1 Rating: important References: 1186497 Cross-References: CVE-2021-3560 CVSS scores: CVE-2021-3560 SUSE: 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 An update tha...
Security Bulletin: A vulnerability in the IBM® SDK, Java™ Technology Edition affects IBM Tivoli Network Manager CVE-2020-14782.
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle October 2020 Critical Patch Update, but deferred until the release associated with the IBM February 2021 Critical Patch...
Security update for monitoring-plugins-smart (important)
openSUSE Security Update: Security update for monitoring-plugins-smart Announcement ID: openSUSE-SU-2021:0706-1 Rating: important References: 1183057 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be...
PT-2024-11157 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc1+ Description: A divide-by-zero error can be triggered in the Linux kernel by a user-supplied value, specifically the user entry size, which is used as a denominator to calculate the number of entries...
Oracle Coherence (Apr 2021 CPU)
The version of the Oracle Coherence installed on the remote host is missing a critical patch update. It is, therefore, affected by a vulnerability, as referenced in the April 2021 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core...