Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2015-2582: Oracle Critical Patch Update Advisory - July 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVE
Open in Source
#sql#vulnerability#web#mac#windows#apple#google#microsoft#linux#red_hat#apache#memcached#js#java#oracle#kubernetes#intel#ldap#auth#zero_day#docker#wifi#ssl
CVE-2015-2590: Oracle Critical Patch Update Advisory - July 2015

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

July 2015 Security Updates

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit the Security TechNet Library. You can also follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse

CVE-2015-3415: SQLite: Check-in [02e3c88f]

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.

CVE-2015-3416: SQLite: Check-in [c494171f]

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

CVE-2015-0501: Oracle Critical Patch Update - April 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

CVE-2015-0480: Oracle Critical Patch Update - April 2015

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.

CVE-2015-1352: security - Re: CVE Request: PHP

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

CVE-2015-1385: Full Disclosure: Blubrry PowerPress Security Advisory - XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.

CVE-2015-0391: Oracle Critical Patch Update Advisory - January 2015

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.