Oracle

Pierluigi Paganini April 24, 2019
Zero-day vulnerability in Oracle WebLogic

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all Weblogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]

Pierluigi Paganini April 08, 2019
Unofficial patches released for Java flaws disclosed by Google Project Zero

Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) flaws yet to be fixed discovered by Google Project Zero researcher. Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. The company hasn’t yet released an official update to […]

Pierluigi Paganini January 18, 2019
Oracle critical patch advisory addresses 284 flaws, 33 critical

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload,  disclosed in November […]

Pierluigi Paganini October 17, 2018
Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept […]

Pierluigi Paganini August 13, 2018
Oracle warns of CVE-2018-3110 Critical Vulnerability in Oracle Database product, patch it now!

Last week Oracle disclosed a critical vulnerability in its Oracle Database product, the issue tracked as CVE-2018-3110 has received a CVSS score of 9.9, On Friday, Oracle released security patches to address a critical vulnerability affecting its Database product, the company is urging install them as soon as possible. The vulnerability resides in the Java VM component […]

Pierluigi Paganini June 25, 2018
Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini April 30, 2018
Oracle botches CVE-2018-2628 patch and hackers promptly start scanning for vulnerable WebLogic installs

According to a security expert, Oracle appears to have botched the CVE-2018-2628 fix, this means that attackers could bypass it to take over WebLogic servers. Earlier April, Oracle patched the critical CVE-2018-2628 vulnerability in Oracle WebLogic server, but an Alibaba security researcher @pyn3rd discovered that the proposed fix could be bypassed. #CVE-2018-2628 Weblogic Server Deserialization Remote […]

Pierluigi Paganini January 17, 2018
Oracle January 2018 Critical Patch Update also addresses Spectre and Meltdown

Oracle rolled out the January 2018 Critical Patch Update that includes 237 security fixes in its products, the majority of which is remotely exploitable without authentication. The January 2018 Critical Patch Update also includes security updates that address Spectre and Meltdown vulnerabilities. “The January 2018 Critical Patch Update provides fixes for certain Oracle products for the […]

Pierluigi Paganini November 17, 2017
Oracle issues emergency patches for JOLTANDBLEED flaws

JoltandBleed – Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary Jolt protocol. Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary Jolt protocol. The vulnerabilities were reported by experts at ERPScan who named the set of five vulnerabilities JoltandBleed. The most critical flaw […]

Pierluigi Paganini October 19, 2017
October 2017 Oracle Critical Patch Update addresses 252 Vulnerabilities

Oracle released the October 2017 Critical Patch Update (CPU) that addresses a total of 252 security vulnerabilities that affect multiple products. Most of the vulnerabilities fixed by Oracle could be remotely exploitable without authentication. This is the last Oracle Critical Patch Update of 2017, this year the tech giant already resolved 1119 vulnerabilities, or 22% […]