Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2016-0642: Oracle Critical Patch Update Advisory - April 2016

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

CVE
Open in Source
#sql#vulnerability#web#mac#windows#apple#google#amazon#linux#cisco#js#java#oracle#kubernetes#intel#ldap#aws#auth#ssh#zero_day#docker#ssl
CVE-2015-7502: Red Hat Customer Portal - Access to 24x7 support and knowledge

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

CVE-2016-0502: Oracle Critical Patch Update - January 2016

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2015-5289: Release 9.3.10

Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.

CVE-2015-4879: Oracle Critical Patch Update Advisory - October 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

CVE-2015-4734: Oracle Critical Patch Update Advisory - October 2015

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.

CVE-2015-2582: Oracle Critical Patch Update Advisory - July 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVE-2015-2590: Oracle Critical Patch Update Advisory - July 2015

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

July 2015 Security Updates

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit the Security TechNet Library. You can also follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse

CVE-2015-3415: SQLite: Check-in [02e3c88f]

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.