CVE-2021-3024

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details CVEID: CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE...

Oracle Coherence (Jan 2021 CPU)

The version of the Oracle Coherence installed on the remote host is missing a critical patch update. It is, therefore, affected by a vulnerability, as referenced in the January 2021 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core Component...

Oracle Releases January 2021 Security Bulletin

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle January 2021...

Oracle Critical Patch Update Advisory - January 2021

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

PT-2021-14078

Name of the Vulnerable Software and Affected Versions: acmailer versions 4.0.1 and earlier acmailer DB versions 1.1.3 and earlier Description: The issue allows remote attackers to execute an arbitrary OS command or gain administrative privilege, potentially resulting in the obtaining of sensitive...

Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology shipped with IBM Maximo Asset Management (CVE-2020-14782)

Summary CVE-2020-14782 was disclosed as part of the October 2020 Critical Patch Update. Java is used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...

Hotfix XS80E005 - For Citrix Hypervisor 8.0

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.0. All customers who are affected by the issues described inCTX263477 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Ensure that you also installCTX258428 - Hotfix XS80E006 - For...

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle Jul 2020 Critical Patch Update. Vulnerability Details Refer to the security...

Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2020 CPU)

The version of Oracle Business Intelligence Publisher or Oracle Analytics Server 5.5 running on the remote host is 11.1.1.9.x prior to 11.1.1.9.201020, 12.2.1.3.x prior to 12.2.1.3.201020, 12.2.1.4.x prior to 12.2.1.4.201020, or 12.2.5.5.x OAS 5.5 prior to 12.2.5.5.201012. It is, therefore,...

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability CVE-2020-14750 has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication meaning it may be exploited over a network without...

Oracle Kills 402 Bugs in Massive October Patch Update

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update CPU, which fixes 402 vulnerabilities across various product families. Well over half 272 of these vulnerabilities open products up to remote exploitation withou...

Oracle Solaris Critical Patch Update : oct2020_SRU11_4_24_75_2

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon t...

Oracle Solaris Critical Patch Update : oct2020_SRU11_4_26_75_4

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to th...

Oracle Releases October 2020 Security Bulletin

Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users a...

KLA11984 Multiple vulnerabilities in Oracle VirtualBox

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security vulnerability in Core component of Oracle VM...

Oracle Critical Patch Update Advisory - October 2020

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...

CVE-2020-1074

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

CVE-2020-0928

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...