#oracle

By Deeba Ahmed A group of hackers going by the online handle of "CH01" has taken responsibility for defacing at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion of Ukraine. This is a post from HackRead.com Read the original post: Hackers Deface Russian Websites on Ukraine Invasion Anniversary

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

### Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. ``PropertyIsLike`` filter * Requires PostGIS DataStore with "encode functions" enabled * Or any JDBCDataStore (all relational databases) with String field (no mitigation) 3. ``strEndsWith`` function * Requires PostGIS DataStore with "encode functions" enabled 5. ``strStartsWith`` function * Requires PostGIS DataStore with "encode functions" enabled 6. ``FeatureId`` filter * Requires JDBCDataStore (all relational databases) with prepared statements disabled and table with String primary key (Oracle not affected, SQL Server and MySQL have no settings to enabled prepared statements, PostGIS does) 7. ``jsonArrayContains`` function * Requires PostGIS and Oracle DataStore with String or JSON field 8. ``DWithin`` filter * Happe...

### Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. SQL Injection Vulnerabilities have been found with: * ``PropertyIsLike`` filter, when used with a String field and any database DataStore, or with a PostGIS DataStore with encode functions enabled * ``strEndsWith`` function, when used with a PostGIS DataStore with encode functions enabled * ``strStartsWith`` function, when used with a PostGIS DataStore with encode functions enabled * ``FeatureId`` filter, when used with any database table having a String primary key column and when prepared statements are disabled * ``jsonArrayContains`` function, when used with a String or JSON field and with a PostGIS or Oracle DataStore (GeoServer 2.22.0+ only) * ``DWithin`` filter, when used with an Oracle D...

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.