Solaris 11.4 - xscreensaver Privilege Escalation
@Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5.15 distributed with Solaris 11.3 Other versions...
Oracle E-Business Suite Multiple Vulnerabilities (Oct 2019 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2019 Oracle Critical Patch Update (CPU). It is, as noted in the October 2019 Critical Patch Update advisory, affected by flaws in the following components : - Oracle Advanced Outbound Telephony - Oracle Application...
MySQL 8.0.x < 8.0.18 Multiple Vulnerabilities (Oct 2019 CPU)
The version of MySQL running on the remote host is 8.0.x prior to 8.0.18. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the October 2019 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle...
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.28. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the October 2019 Critical Patch Update advisory: - Vulnerabilities in the MySQL Server product of Oracle...
Oracle Solaris Critical Patch Update : oct2019_SRU11_4_14_5_0
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker wit...
Oracle Solaris Critical Patch Update : oct2019_SRU11_4_13_4_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: SMF services & legacy daemons. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged...
Oracle Releases October 2019 Security Bulletin
Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users a...
Oracle October 2019 Critical Patch Update Multiple Vulnerabilities
Description: Oracle has released an advance notification regarding the October 2019 Critical Patch Update (CPU) to be released on October 15, 2019. The update addresses 240 vulnerabilities affecting the following software: Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Oracl...
patch security update
2.7.1-12 - Fixed CVE-2018-20969, invoke ed directly instead of using the shell...
CVE-2019-11651
The CVE-2019-11651 entry concerns a Reflected XSS in Micro Focus Enterprise Developer and Enterprise Server. All versions prior to specific patch updates are affected (3.0 Patch Update 20, 4.0 Patch Update 12, 5.0 Patch Update 2). The vulnerability could be exploited to redirect users to a malic...
CVE-2019-11651
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...
PT-2019-14787 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-43 Description: The issue is related to a memory leak in the Huffman2DEncodeImage function, located in the coders/ps3.c file, as demonstrated by the WritePS3Image function. This memory leak can potentially lead to...
Fedora 29 : python-mitogen (2019-1f17485159)
Latest upstream 0.2.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security,...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary Java SE issues disclosed in the Oracle July 2019 Critical Patch Update, plus four additional vulnerabilities Vulnerability Details VULNERABILITY DETAILS: CVE IDs: CVE-2019-7317 CVE-2019-2769 CVE-2019-2762 CVE-2019-2816 CVE-2019-2786 CVE-2019-2766 CVE-2019-11772 CVE-2019-11775 CVE-2019-447...
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a...
Security update for vlc (important)
openSUSE Security Update: Security update for vlc Announcement ID: openSUSE-SU-2019:1840-1 Rating: important References: 1118586 1138354 1138933 1141522 1142161 1143547 1143549 Cross-References: CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460...
Debian DLA-1864-1 : patch security update
An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 'Jessie', this problem has been fixed in version 2.7.5-1+deb8u3. We recommend th...
Critical RCE Flaw in Palo Alto Gateways Hits Uber
A remote code-execution (RCE) vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases — but some large companie...
Oracle Identity Manager Remote Security Vulnerability (Jul 2019 CPU)
The remote host is missing the July 2019 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability in the Advanced Console of Oracle Identity Manager, which could allow an authenticated, remote attacker via HTTP to compromise Oracle Identity...
Oracle Database Server Multiple Vulnerabilities (Jul 2019 CPU)
The remote Oracle Database Server is missing the July 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Spatial component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a partial...