Microsoft DirectWrite / AFDKO suffers from an out-of-bounds read vulnerability in OpenType font handling due to an undefined FontName index.

MD5 | 15c7ccf9e674ae48cbdea2b4707dd238

Microsoft DirectWrite / AFDKO suffers from multiple bugs in OpenType font handling related to the “post” table.

MD5 | 03a8863a15856003f71eeae5cd1770df

Microsoft DirectWrite / AFDKO suffers from a NULL pointer dereference vulnerability in OpenType font handling while accessing empty dynarrays.

MD5 | 3952521fdd8e47962dae0060e8032151

pArAnoIA is a toolkit designed to surf the Internet. It is a browser with Tor built in that offers user-agent spoofing and other functions, ensures strict use of TLS, and more.

MD5 | e2a44992ab1bd2de5febbdf82d4f685c

Oracle has released an advance notification regarding the July 2019 Critical Patch Update (CPU) to be released on July 16, 2019. The update addresses 322 vulnerabilities affecting the following software:
Application Express, versions 5.1, 18.2
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c
Oracle Global Lifecycle Management OPatchAuto, versions prior to 12.2.0.1.14
Oracle Berkeley DB, versions 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23, 12.1.6.2.32
Oracle Communications Application Session Controller, versions 3.7.1, 3.8.0
Oracle Communications Billing and Revenue Management, versions 7.5, 12.0
Oracle Communications Converged Application Server, versions 5.1, 7.0, 7.1
Oracle Communications Converged Application Server – Service Controller, versions 6.0, 6.1
Oracle Communications Convergence, version 3.0.2
Oracle Communications Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3
Oracle Communications EAGLE (Software), versions 46.5, 46.6, 46.7
Oracle Communications Instant Messaging Server, version 10.0.1.2.0
Oracle Communications Interactive Session Recorder, versions 6.0, 6.1, 6.2
Oracle Communications Messaging Server, versions 8.0.2, 8.1.0
Oracle Communications Online Mediation Controller, version 6.1
Oracle Communications Unified, version 8.0.0.2.0
Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
Primavera Analytics, version 18.8
Primavera Gateway, versions 15.2, 16.2, 17.12, 18.8
Primavera Unifier, versions 16.1, 16.2, 17.7 – 17.12, 18.8
Oracle E-Business Suite, versions 12.1.1 – 12.1.3, 12.2.3 – 12.2.8
Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0
Enterprise Manager for Fusion Middleware, versions 13.2, 13.3
Enterprise Manager for Virtualization, versions 13.1, 13.2, 13.3
Enterprise Manager Ops Center, versions 12.3.3, 12.4.0
Oracle Application Testing Suite, versions 13.1, 13.2, 13.3
Oracle Enterprise Manager Base Platform, versions 12.1.0.5.0, 13.2.0.0.0, 13.3.0.0.0
Oracle Banking Platform, versions 2.4.0 – 2.7.1
Oracle Financial Services – Regulatory Reporting for Reserve Bank of India – Lombard Risk Integration Pack, version 8.0.7
Oracle Financial Services – Regulatory Reporting for US Federal Reserve – Lombard Risk Integration Pack, versions 8.0.4 – 8.0.7
Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3 – 7.3.5, 8.0.2 – 8.0.8
Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.4 – 8.0.7
Oracle Financial Services Asset Liability Management, versions 8.0.4 – 8.0.7
Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.4 – 8.0.7
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.4 – 8.0.7
Oracle Financial Services Data Foundation, versions 8.0.4 – 8.0.8
Oracle Financial Services Data Integration Hub, versions 8.0.5 – 8.0.7
Oracle Financial Services Funds Transfer Pricing, versions 8.0.4 – 8.0.7
Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.4 – 8.0.7
Oracle Financial Services Institutional Performance Analytics, versions 8.0.4 – 8.0.7
Oracle Financial Services Liquidity Risk Management, versions 8.0.1, 8.0.2, 8.0.4, 8.0.5, 8.0.6
Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8
Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.2 – 8.0.7
Oracle Financial Services Market Risk Measurement and Management, versions 8.0.5, 8.0.6, 8.0.8
Oracle Financial Services Price Creation and Discovery, versions 8.0.4 – 8.0.7
Oracle Financial Services Profitability Management, versions 8.0.4 – 8.0.7
Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6, 8.0.7
Oracle Financial Services Regulatory Reporting for European Banking Authority – Integration Pack for Lombard Risk, versions 8.0.6, 8.0.7
Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.4 – 8.0.7
Oracle Financial Services Retail Customer Analytics, versions 8.0.4 – 8.0.6
Oracle Financial Services Revenue Management and Billing, versions 2.4.0.0, 2.4.0.1
Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.6.0, 11.7.0, 11.8.0
Oracle FLEXCUBE Enterprise Limits and Collateral Management, versions 12.0, 12.1
Oracle FLEXCUBE Investor Servicing, versions 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0, 14.1.0
Oracle FLEXCUBE Private Banking, versions 12.0.1, 12.0.3, 12.1.0
Oracle FLEXCUBE Universal Banking, versions 12.0.1 – 12.0.3, 12.1.0 – 12.4.0, 14.0.0 – 14.2.0
Oracle Insurance Allocation Manager for Enterprise Profitability, version 8.0.8
Oracle Insurance Data Foundation, versions 8.0.4 – 8.0.7
Oracle Insurance IFRS 17 Analyzer, versions 8.0.6, 8.0.7
Oracle Insurance Performance Insight, version 8.0.7
Oracle Hospitality Gift and Loyalty, versions 9.0.0, 9.1.0
Oracle Hospitality Simphony, version 18.2.1
Oracle BI Publisher, versions 11.1.1.9.0, 12.2.1.3.0
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Data Integrator, version 12.2.1.3.0
Oracle Endeca Information Discovery Integrator, version 3.2.0
Oracle Endeca Server, version 7.7.0
Oracle Enterprise Repository, version 12.1.3.0.0
Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle Identity Manager, versions 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0
Oracle Outside In Technology, version 8.5.4
Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0
Oracle SOA Suite, version 12.2.1.3.0
Oracle WebCenter Sites, version 12.2.1.3.0
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
Oracle Hospitality Guest Access, versions 4.2, 4.2.1
Oracle Hospitality Suite8, versions 8.9.6, 8.10.2, 8.11 – 8.14
Oracle Hyperion Planning, version 11.1.2.4
Oracle Hyperion Workspace, version 11.1.2.4
Oracle Insurance Calculation Engine, versions 9.7, 10.0, 10.1, 10.2
Oracle Insurance Policy Administration J2EE, versions 10.0, 10.1, 10.2, 11.0
Oracle Insurance Rules Palette, versions 10.0, 10.1, 10.2, 11.0
Oracle Java SE, versions 7u221, 8u212, 11.0.3, 12.0.1
Oracle Java SE Embedded, version 8u211
Oracle GraalVM Enterprise Edition, version 19.0.0
JD Edwards EnterpriseOne Tools, version 9.2
JD Edwards World Security, versions A9.3, A9.3.1, A9.4
MySQL Enterprise Monitor, versions 4.0.9 and prior, 8.0.14 and prior
MySQL Server, versions 5.6.44 and prior, 5.7.26 and prior, 8.0.16 and prior
MySQL Workbench, versions 8.0.16 and prior
PeopleSoft Enterprise FIN Project Costing, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.55, 8.56, 8.57
PeopleSoft Enterprise PT PeopleTools, versions 8.55, 8.56, 8.57
MICROS Retail XBRi Loss Prevention, versions 10.8.0 – 10.8.3
MICROS Retail-J, versions 12.1.0, 12.1.1, 12.1.2, 13.1
Oracle Retail Advanced Inventory Planning, version 15.0
Oracle Retail Customer Engagement, versions 11.4, 16.0, 17.0, 18.0
Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0
Oracle Retail Financial Integration, versions 14.0, 14.1, 15.0, 16.0
Oracle Retail Integration Bus, versions 15.0, 16.0
Oracle Retail Order Broker, versions 5.2, 15.0
Oracle Retail Order Management System, version 5.0
Oracle Retail Predictive Application Server, versions 14.0.3.26, 14.1.3.37, 15.0.3.100, 16.0
Oracle Retail Service Backbone, version 16.0.1
Oracle Retail Xstore Office, versions 7.0, 7.1
Oracle Retail Xstore Point of Service, versions 7.0, 7.1, 15.0, 16.0, 17.0, 18.0
Siebel Applications, versions 19.0 and prior
Oracle Solaris, versions 10, 11.3, 11.4
StorageTek Tape Analytics SW Tool, version 2.3.0
Sun ZFS Storage Appliance Kit (AK), versions 8.8.3, 8.8.6
Tape Virtual Storage Manager GUI, version 6.2
Oracle Agile Engineering Data Management, versions 6.2.0, 6.2.1
Oracle Agile PLM, versions 9.3.3, 9.3.4, 9.3.5, 9.3.6
Oracle Demantra Demand Management, version 7.3.1.5.2
Oracle Transportation Management, version 6.3.7
Diagnostic Assistant, versions prior to 2.12.36
Oracle Clusterware, version 12.1.0.2.0
Services Tools Bundle, version 19.2
Oracle Utilities Advanced Spatial and Operational Analytics, version 2.7.0.1
Oracle Utilities Framework, versions 4.3.0.2.0 – 4.3.0.6.0, 4.4.0.0.0
Oracle VM VirtualBox, versions prior to 5.2.32, prior to 6.1
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system.

Information

Bugtraq ID: 109125

Class: Unknown

CVE:

Remote: Yes

Local: Yes

Published: Jul 12 2019 12:00AM

Updated: Jul 12 2019 12:00AM

Credit: Oracle

Vulnerable: Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle WebCenter Sites 12.2.1.3.0
Oracle VM VirtualBox 6.0.6
Oracle VM VirtualBox 6.0.4
Oracle VM VirtualBox 6.0.2
Oracle VM VirtualBox 6.0
Oracle VM VirtualBox 5.2.28
Oracle VM VirtualBox 5.2.26
Oracle VM VirtualBox 5.2.25
Oracle VM VirtualBox 5.2.24
Oracle VM VirtualBox 5.2.22
Oracle VM VirtualBox 5.2.20
Oracle Utilities Framework 4.4.0.0.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.2.0
Oracle Utilities Advanced Spatial and Operational Analytics 2.7.0.1
Oracle Transportation Management 6.3.7
Oracle Tape Virtual Storage Manager GUI 6.2
Oracle Sun ZFS Storage Appliance Kit (AK) 8.8.6
Oracle Sun ZFS Storage Appliance Kit (AK) 8.8.3
Oracle Solaris 11.4
Oracle Solaris 11.3
Oracle Solaris 10
Oracle SOA Suite 12.2.1.3.0
Oracle Siebel Applications 19.0
Oracle Services Tools Bundle 19.2
Oracle Security Service 12.2.1.3.0
Oracle Security Service 12.1.3.0.0
Oracle Security Service 11.1.1.9.0
Oracle Retail Xstore Point of Service 7.1
Oracle Retail Xstore Point of Service 7.0
Oracle Retail Xstore Point of Service 18.0
Oracle Retail Xstore Point of Service 17.0
Oracle Retail Xstore Point of Service 16.0
Oracle Retail Xstore Point of Service 15.0
Oracle Retail Xstore Office 7.1
Oracle Retail Xstore Office 7.0
Oracle Retail Service Backbone 16.0.1
Oracle Retail Predictive Application Server 16.0
Oracle Retail Predictive Application Server 15.0.3.100
Oracle Retail Predictive Application Server 14.1.3.37
Oracle Retail Predictive Application Server 14.0.3.26
Oracle Retail Order Management System 5.0
Oracle Retail Order Broker 5.2
Oracle Retail Order Broker 15.0
Oracle Retail Integration Bus 16.0
Oracle Retail Integration Bus 15.0
Oracle Retail Financial Integration 16.0
Oracle Retail Financial Integration 15.0
Oracle Retail Financial Integration 14.1
Oracle Retail Financial Integration 14.0
Oracle Retail Customer Management and Segmentation Foundation 18.0
Oracle Retail Customer Management and Segmentation Foundation 17.0
Oracle Retail Customer Management and Segmentation Foundation 16.0
Oracle Retail Customer Engagement 18.0
Oracle Retail Customer Engagement 17.0
Oracle Retail Customer Engagement 16.0
Oracle Retail Customer Engagement 11.4
Oracle Retail Advanced Inventory Planning 15.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 17.7
Oracle Primavera Unifier 17.12
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Primavera Gateway 18.8
Oracle Primavera Gateway 17.12
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Primavera Analytics 18.8
Oracle PeopleSoft Enterprise PT PeopleTools 8.57
Oracle PeopleSoft Enterprise PT PeopleTools 8.56
Oracle PeopleSoft Enterprise PT PeopleTools 8.55
Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle PeopleSoft Enterprise FIN Project Costing 9.2
Oracle Outside In Technology 8.5.4
Oracle OFS REG REP US FED 8.0.7
Oracle OFS REG REP US FED 8.0.4
Oracle OFS REG REP RBI 8.0.7
Oracle OFS REG REP EBA 8.0.7
Oracle OFS REG REP EBA 8.0.6
Oracle MICROS Retail-J 12.1.2
Oracle MICROS Retail-J 12.1.1
Oracle MICROS Retail-J 13.1
Oracle MICROS Retail-J 12.1
Oracle MICROS Retail XBRi Loss Prevention 10.8.3
Oracle MICROS Retail XBRi Loss Prevention 10.8.1
Oracle MICROS Retail XBRi Loss Prevention 10.8
Oracle JRE(Windows Production Release) 12.0.1
Oracle JRE(Windows Production Release) 11.0.3
Oracle JRE(Windows Production Release) 1.8 Update 212
Oracle JRE(Windows Production Release) 1.7 Update 221
Oracle JRE(Solaris Production Release) 12.0.1
Oracle JRE(Solaris Production Release) 11.0.3
Oracle JRE(Solaris Production Release) 1.8 Update 212
Oracle JRE(Solaris Production Release) 1.7 Update 221
Oracle JRE(macOS Production Release) 12.0.1
Oracle JRE(macOS Production Release) 11.0.3
Oracle JRE(macOS Production Release) 1.8 Update 212
Oracle JRE(macOS Production Release) 1.7 Update 221
Oracle JRE(Linux Production Release) 12.0.1
Oracle JRE(Linux Production Release) 11.0.3
Oracle JRE(Linux Production Release) 1.8 Update 212
Oracle JRE(Linux Production Release) 1.7 Update 221
Oracle JDK(Windows Production Release) 12.0.1
Oracle JDK(Windows Production Release) 11.0.3
Oracle JDK(Windows Production Release) 1.8 Update 212
Oracle JDK(Windows Production Release) 1.7 Update 221
Oracle JDK(Solaris Production Release) 12.0.1
Oracle JDK(Solaris Production Release) 11.0.3
Oracle JDK(Solaris Production Release) 1.8 Update 212
Oracle JDK(Solaris Production Release) 1.7 Update 221
Oracle JDK(macOS Production Release) 12.0.1
Oracle JDK(macOS Production Release) 11.0.3
Oracle JDK(macOS Production Release) 1.8 Update 212
Oracle JDK(macOS Production Release) 1.7 Update 221
Oracle JDK(Linux Production Release) 12.0.1
Oracle JDK(Linux Production Release) 11.0.3
Oracle JDK(Linux Production Release) 1.8 Update 212
Oracle JDK(Linux Production Release) 1.7 Update 221
Oracle Java SE Embedded 8u211
Oracle Insurance Performance Insight 8.0.7
Oracle Insurance IFRS 17 Analyzer 8.0.7
Oracle Insurance IFRS 17 Analyzer 8.0.6
Oracle Insurance Data Foundation 8.0.7
Oracle Insurance Data Foundation 8.0.5
Oracle Insurance Data Foundation 8.0.4
Oracle Insurance Allocation Manager for Enterprise Profitability 8.0.8
Oracle Instantis EnterpriseTrack 17.3
Oracle Instantis EnterpriseTrack 17.2
Oracle Instantis EnterpriseTrack 17.1
Oracle Identity Manager 12.2.1.3.0
Oracle Identity Manager 11.1.2.3.0
Oracle Identity Manager 11.1.2.2.0
Oracle Hyperion Workspace 11.1.2.4
Oracle Hyperion Planning 11.1.2.4
Oracle HTTP Server 12.2.1.3.0
Oracle HTTP Server 12.1.3.0.0
Oracle HTTP Server 11.1.1.9.0
Oracle Hospitality Suite8 8.9.6
Oracle Hospitality Suite8 8.14
Oracle Hospitality Suite8 8.11
Oracle Hospitality Suite8 8.10.2
Oracle Hospitality Simphony 18.2.1
Oracle Hospitality Guest Access 4.2.1
Oracle Hospitality Guest Access 4.2
Oracle Hospitality Gift and Loyalty 9.1
Oracle Hospitality Gift and Loyalty 9.0
Oracle Global Lifecycle Management OPatchAuto 12.2.0.1.0
Oracle FLEXCUBE Universal Banking 14.2
Oracle FLEXCUBE Universal Banking 14.0
Oracle FLEXCUBE Universal Banking 12.4
Oracle FLEXCUBE Universal Banking 12.3
Oracle FLEXCUBE Universal Banking 12.2
Oracle FLEXCUBE Universal Banking 12.1
Oracle FLEXCUBE Universal Banking 12.0.3
Oracle FLEXCUBE Universal Banking 12.0.2
Oracle FLEXCUBE Universal Banking 12.0.1
Oracle FLEXCUBE Universal Banking 14.1.0
Oracle FLEXCUBE Private Banking 12.1
Oracle FLEXCUBE Private Banking 12.0.3
Oracle FLEXCUBE Private Banking 12.0.1
Oracle FLEXCUBE Investor Servicing 14.1
Oracle FLEXCUBE Investor Servicing 14.0
Oracle FLEXCUBE Investor Servicing 12.4
Oracle FLEXCUBE Investor Servicing 12.3
Oracle FLEXCUBE Investor Servicing 12.1
Oracle FLEXCUBE Investor Servicing 12.0.4
Oracle FLEXCUBE Investor Servicing 12.0.3
Oracle FLEXCUBE Investor Servicing 12.0.1
Oracle FLEXCUBE Enterprise Limits and Collateral Management 12.0
Oracle FLEXCUBE Enterprise Limits and Collateral Management 12.1
Oracle FLEXCUBE Core Banking 11.8
Oracle FLEXCUBE Core Banking 11.7
Oracle FLEXCUBE Core Banking 11.6
Oracle FLEXCUBE Core Banking 5.2
Oracle Financial Services Revenue Management and Billing 2.4.0.1
Oracle Financial Services Revenue Management and Billing 2.4.0.0.0
Oracle Financial Services Retail Customer Analytics 8.0.6
Oracle Financial Services Retail Customer Analytics 8.0.5
Oracle Financial Services Retail Customer Analytics 8.0.4
Oracle Financial Services Regulatory Reporting for US Federal Reserve 8.0.7
Oracle Financial Services Regulatory Reporting for US Federal Reserve 8.0.4
Oracle Financial Services Regulatory Reporting for European Banking Aut 8.0.7
Oracle Financial Services Regulatory Reporting for European Banking Aut 8.0.6
Oracle Financial Services Profitability Management 8.0.7
Oracle Financial Services Profitability Management 8.0.6
Oracle Financial Services Profitability Management 8.0.5
Oracle Financial Services Profitability Management 8.0.4
Oracle Financial Services Price Creation and Discovery 8.0.7
Oracle Financial Services Price Creation and Discovery 8.0.5
Oracle Financial Services Price Creation and Discovery 8.0.4
Oracle Financial Services Market Risk Measurement and Management 8.0.8
Oracle Financial Services Market Risk Measurement and Management 8.0.6
Oracle Financial Services Market Risk Measurement and Management 8.0.5
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.7
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.5
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.4
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.3
Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.2
Oracle Financial Services Liquidity Risk Measurement and Management 8.0.8
Oracle Financial Services Liquidity Risk Measurement and Management 8.0.7
Oracle Financial Services Liquidity Risk Management 8.0.6
Oracle Financial Services Liquidity Risk Management 8.0.5
Oracle Financial Services Liquidity Risk Management 8.0.4
Oracle Financial Services Liquidity Risk Management 8.0.2
Oracle Financial Services Liquidity Risk Management 8.0.1
Oracle Financial Services Institutional Performance Analytics 8.0.7
Oracle Financial Services Institutional Performance Analytics 8.0.5
Oracle Financial Services Institutional Performance Analytics 8.0.4
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.7
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.5
Oracle Financial Services Hedge Management and IFRS Valuations 8.0.4
Oracle Financial Services Funds Transfer Pricing 8.0.7
Oracle Financial Services Funds Transfer Pricing 8.0.5
Oracle Financial Services Funds Transfer Pricing 8.0.4
Oracle Financial Services Data Integration Hub 8.0.7
Oracle Financial Services Data Integration Hub 8.0.5
Oracle Financial Services Data Foundation 8.0.8
Oracle Financial Services Data Foundation 8.0.5
Oracle Financial Services Data Foundation 8.0.4
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.7
Oracle Financial Services Basel Regulatory Capital Internal Ratings Bas 8.0.4
Oracle Financial Services Basel Regulatory Capital Basic 8.0.7
Oracle Financial Services Basel Regulatory Capital Basic 8.0.4
Oracle Financial Services Asset Liability Management 8.0.7
Oracle Financial Services Asset Liability Management 8.0.5
Oracle Financial Services Asset Liability Management 8.0.4
Oracle Financial Services Analytical Applications Reconciliation Framew 8.0.7
Oracle Financial Services Analytical Applications Reconciliation Framew 8.0.4
Oracle Financial Services Analytical Applications Infrastructure 8.0.8
Oracle Financial Services Analytical Applications Infrastructure 8.0.7
Oracle Financial Services Analytical Applications Infrastructure 8.0.6
Oracle Financial Services Analytical Applications Infrastructure 8.0.5
Oracle Financial Services Analytical Applications Infrastructure 8.0.4
Oracle Financial Services Analytical Applications Infrastructure 8.0.3
Oracle Financial Services Analytical Applications Infrastructure 8.0.2
Oracle Financial Services Analytical Applications Infrastructure 7.3.5
Oracle Financial Services Analytical Applications Infrastructure 7.3.4
Oracle Financial Services Analytical Applications Infrastructure 7.3.3
Oracle Enterprise Repository 12.1.3.0.0
Oracle Enterprise Manager Ops Center 12.4
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager for Virtualization 13.3
Oracle Enterprise Manager for Virtualization 13.2
Oracle Enterprise Manager for Virtualization 13.1
Oracle Enterprise Manager for Fusion Middleware 13.3
Oracle Enterprise Manager for Fusion Middleware 13.2
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 12.1.0.5.0
Oracle Endeca Server 7.7.0
Oracle Endeca Information Discovery Integrator 3.2
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.1.2
Oracle E-Business Suite 12.1.1
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.1.3
Oracle Diagnostic Assistant 2.12
Oracle Demantra Demand Management 7.3.1.5.2
Oracle Database Server 19c
Oracle Database Server 18c
Oracle Database Server 12.2.0.1
Oracle Database Server 12.1.0.2
Oracle Database Server 11.2.0.4.0
Oracle Data Integrator 12.2.1.3.0
Oracle Communications Unified 8.0.0.2.0
Oracle Communications Online Mediation Controller 6.1
Oracle Communications Messaging Server 8.0.2
Oracle Communications Messaging Server 8.1
Oracle Communications Interactive Session Recorder 6.2
Oracle Communications Interactive Session Recorder 6.1
Oracle Communications Interactive Session Recorder 6.0
Oracle Communications Instant Messaging Server 10.0.1.2.0
Oracle Communications EAGLE 46.7
Oracle Communications EAGLE 46.6
Oracle Communications EAGLE 46.5
Oracle Communications Diameter Signaling Router 8.3
Oracle Communications Diameter Signaling Router 8.2
Oracle Communications Diameter Signaling Router 8.1
Oracle Communications Diameter Signaling Router 8.0
Oracle Communications Convergence 3.0.2
Oracle Communications Converged Application Server – Service Controller 6.1
Oracle Communications Converged Application Server – Service Controller 6.0
Oracle Communications Converged Application Server 7.1
Oracle Communications Converged Application Server 7.0
Oracle Communications Converged Application Server 5.1
Oracle Communications Billing and Revenue Management 7.5
Oracle Communications Billing and Revenue Management 12.0
Oracle Communications Application Session Controller 3.8
Oracle Communications Application Session Controller 3.7.1
Oracle Clusterware 12.1.0.2.0
Oracle Business Intelligence Enterprise Edition 12.2.1.4.0
Oracle Business Intelligence Enterprise Edition 12.2.1.3.0
Oracle Business Intelligence Enterprise Edition 11.1.1.9.0
Oracle BI Publisher 12.2.1.3.0
Oracle BI Publisher 11.1.1.9.0
Oracle Berkeley DB 12.1.6.2.32
Oracle Berkeley DB 12.1.6.2.23
Oracle Berkeley DB 12.1.6.1.36
Oracle Berkeley DB 12.1.6.1.29
Oracle Berkeley DB 12.1.6.1.26
Oracle Berkeley DB 12.1.6.1.23
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.4.0
Oracle Application Testing Suite 13.3
Oracle Application Testing Suite 13.2
Oracle Application Testing Suite 13.1
Oracle Application Express 5.1
Oracle Application Express 18.2
Oracle Agile PLM 9.3.5
Oracle Agile PLM 9.3.3
Oracle Agile PLM 9.3.6
Oracle Agile PLM 9.3.4
Oracle Agile Engineering Data Management 6.2.1
Oracle Agile Engineering Data Management 6.2

Not Vulnerable: Oracle VM VirtualBox 5.2.32
Oracle VM VirtualBox 6.1
Oracle Global Lifecycle Management OPatchAuto 12.2.0.1.14
Oracle Diagnostic Assistant 2.12.36

Exploit

Some of these issues may not require specific exploit code and may be trivial to exploit.

GitLab is prone to a security vulnerability.

Attackers can exploit this issue to make comments on a locked issue. This may aid in further attacks.

Information

Bugtraq ID: 109121

Class: Access Validation Error

CVE: CVE-2018-19575

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: James Ritchey

Vulnerable: Gitlab GitLab Enterprise Edition 11.5
Gitlab GitLab Enterprise Edition 11.4
Gitlab GitLab Enterprise Edition 11.3
Gitlab GitLab Enterprise Edition 10.1
Gitlab GitLab Community Edition 11.5
Gitlab GitLab Community Edition 11.4
Gitlab GitLab Community Edition 11.3
Gitlab GitLab Community Edition 10.1

Not Vulnerable: Gitlab GitLab Enterprise Edition 11.5.1
Gitlab GitLab Enterprise Edition 11.4.8
Gitlab GitLab Enterprise Edition 11.3.11
Gitlab GitLab Community Edition 11.5.1
Gitlab GitLab Community Edition 11.4.8
Gitlab GitLab Community Edition 11.3.11

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

GitLab is prone to an HTML injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Information

Bugtraq ID: 109122

Class: Input Validation Error

CVE: CVE-2018-19493

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: James Ritchey

Vulnerable: Gitlab GitLab Enterprise Edition 11.5
Gitlab GitLab Enterprise Edition 11.4
Gitlab GitLab Enterprise Edition 11.3
Gitlab GitLab Community Edition 11.5
Gitlab GitLab Community Edition 11.4
Gitlab GitLab Community Edition 11.3

Not Vulnerable: Gitlab GitLab Enterprise Edition 11.5.1
Gitlab GitLab Enterprise Edition 11.4.8
Gitlab GitLab Enterprise Edition 11.3.11
Gitlab GitLab Community Edition 11.5.1
Gitlab GitLab Community Edition 11.4.8
Gitlab GitLab Community Edition 11.3.11

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Nagios XI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Nagios XI 5.5.4 are vulnerable.

Information

Bugtraq ID: 109116

Class: Input Validation Error

CVE: CVE-2018-17147

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: Nathan Jones

Vulnerable: Nagios Nagios XI 5.5.3
Nagios Nagios XI 5.5.2
Nagios Nagios XI 5.5.1
Nagios Nagios XI 5.5
Nagios Nagios XI 5.4
Nagios Nagios XI 5.3
Nagios Nagios XI 5.2
Nagios Nagios XI 2012R2.7
Nagios Nagios XI 2012R2.6
Nagios Nagios XI 2012R2.5
Nagios Nagios XI 2012R2.4 B
Nagios Nagios XI 2012R2.4
Nagios Nagios XI 2012R2.3
Nagios Nagios XI 2012R2.2
Nagios Nagios XI 2012R2.1
Nagios Nagios XI 2012R2.0
Nagios Nagios XI 2012R1.9
Nagios Nagios XI 2012R1.8
Nagios Nagios XI 2012R1.7
Nagios Nagios XI 2012R1.6
Nagios Nagios XI 2012R1.5b
Nagios Nagios XI 2012R1.5
Nagios Nagios XI 2012R1.4
Nagios Nagios XI 2012R1.3
Nagios Nagios XI 2012R1.2
Nagios Nagios XI 2012R1.1
Nagios Nagios XI 2012R1.0
Nagios Nagios XI 2012 Rc4
Nagios Nagios XI 2012 Rc3
Nagios Nagios XI 2012 Rc2
Nagios Nagios XI 2011R3.0
Nagios Nagios XI 2011R2.4
Nagios Nagios XI 2011R1.9
Nagios Nagios XI 2011R1.2
Nagios Nagios XI 2009RC3
Nagios Nagios XI 2009R1.3C
Nagios Nagios XI 2009R1.3B
Nagios Nagios XI 2009R1.3
Nagios Nagios XI 2009R1.2D
Nagios Nagios XI 2009R1.2C
Nagios Nagios XI 2009R1.2B
Nagios Nagios XI 2009R1.2
Nagios Nagios XI 2009R1.1H
Nagios Nagios XI 2009R1.1G
Nagios Nagios XI 2009R1.1C
Nagios Nagios XI 2009R1.1A
Nagios Nagios XI 2009R1

Not Vulnerable: Nagios Nagios XI 5.5.4

Exploit

Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Exiv2 is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.

Exiv2 0.27.2 and prior are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 109117

Class: Boundary Condition Error

CVE: CVE-2019-13504

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: Yevgeny

Vulnerable: Exiv2 Exiv2 0.27.2
Exiv2 Exiv2 0.27
Exiv2 Exiv2 0.26
Exiv2 Exiv2 0.24

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Microsoft DirectWrite / AFDKO suffers from a heap-based buffer overflow vulnerability in OpenType font handling in readEncoding.

MD5 | 7893bbd664f437470b182e7954cb25b0