#oracle

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 29 and May 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Red Hat Security Advisory 2022-1716-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include bypass, crlf injection, and memory leak vulnerabilities.

New packages for Red Hat Ceph Storage 4.3 are now available on Red Hat Enterprise Linux 8.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-25658: python-rsa: bleichenbacher timing oracle attack against RSA decryption * CVE-2021-3524: ceph object gateway: radosgw: CRLF injection * CVE-2021-3979: ceph: Ceph volume does not honour osd_dmcrypt_key_size

After extensive testing on RHEL 8.2, 8.4, 8.6 and 9 using the SAP HANA validation test suite, Red Hat’s engineering team concluded that SELinux can run in Enforcing mode with minimal impact to database performance. This is important because it means that RHEL customers will be able to apply higher security levels to their hosts running SAP HANA and tailor the policies to their needs.

SAP NetWeaver JAVA suffers from a denial of service vulnerability.

SAP Web Dispatcher suffers from an HTTP request smuggling vulnerability.