Tag: Oracle
The January 2023 Oracle Critical Patch Update
This Oracle Critical Patch Update contains 327 new security patches addressing multiple security vulnerabilities. Some of the vulnerabilities addressed this month affect several products. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. We urge customers to apply these time-sensitive Oracle Critical Patch Updates. …
CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)
CISA has warned security agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of …
Oracle Releases 370 Security Patches for Various Oracle Products in October 2022 Patch Tuesday
Oracle's October 2022 Patch Tuesday edition is out. The security update contains a total of 370 critical security patches affecting various Oracle product families. In this month's update, 290 of the 370 security patches address non-Oracle CVEs, i.e. security flaws in third-party products (such as open-source components), which are exploitable in the context …
Oracle Releases 349 Security Patches for Various Oracle Products in July 2022 Patch Tuesday
Oracle has released a patch update addressing multiple vulnerabilities in its July 2022 Patch Tuesday edition. This patch update consists of 349 critical security patches across various Oracle product families. The July 2022 Critical Patch Update contains 261 out of 349 security updates that address non-Oracle CVEs, i.e. security flaws in third-party products (such as open-source …
Oracle Releases 520 Security Patches for Various Oracle Product Families in April 2022 Patch Tuesday
Oracle has released a critical patch update for multiple vulnerabilities in its April 2022 Patch Tuesday. This patch update consists of 520 security patches across various Oracle product families. Out of these 520 security patches, 415 are for non-Oracle CVEs, which include fixes for security issues in third-party products that are exploitable in the …
GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713)
On 29th July 2020, a team of security researchers disclosed a high-priority bug in GRUB2 (GRand Unified Bootloader version 2), affecting billions of Linux and Windows systems that use Secure Boot. CVE-2020-10713 has been assigned to this buffer overflow vulnerability, termed "Boothole". Secure Boot is designed to verify all the firmware of the computer …
Oracle Solaris Local Privilege Escalation Vulnerability (CVE-2020-2944)
Summary: An unusual buffer overflow vulnerability that allows local privilege escalation (LPE) was observed prior to April's Patch Tuesday on various Oracle Solaris platforms. The researcher has published a PoC publicly for CVE-2020-2944, which Oracle has acknowledged as well. Description: A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris …
Oracle WebLogic Server deserialization bug to remote code execution vulnerability (CVE-2020-2555)
Summary: Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. In the Oracle Critical Patch Update Advisory – January 2020, Oracle officially fixed a high-risk vulnerability (CVE-2020-2555) that affects the Oracle Coherence library in Oracle WebLogic Server. Description: An easily exploitable vulnerability allows an unauthenticated attacker with network access via the T3 protocol to …
Oracle WebLogic Deserialization Vulnerability: CVE-2018-2893
A deserialization vulnerability in Oracle WebLogic has been disclosed by multiple third-party researchers and organizations. The vulnerability allows unauthenticated attackers to compromise a WebLogic server via the T3 protocol. The affected component is WLS Core Components. Upon successful exploitation, an attacker can take over the target server via remote code execution. CVE-2018-2893 has been assigned to …
Oracle WebLogic Remote Upload Vulnerability: CVE-2018-2894
In July 2018 Oracle released an advisory addressing many vulnerabilities in its suite of products. In this post we will discuss CVE-2018-2894. It is a remote file upload vulnerability in WebLogic Server due to improper authentication enforcement. Normally this page should not be accessible without authentication. The affected versions are 10.3.6.0, 12.1.3.0, 12.2.1.2, …