In addition to the Java vulnerabilities that I covered earlier, there is at least one more vulnerability that warrants attention. CVE-2013-3751, a problem in the XML parser of Oracle Database. Reading the description, I had a bit of a déjà-vu, also because of the CVE number from last year. And digging into past alerts, I found that, yes, this has indeed been patched before:
For other untrustworthy computing features brought to you by this month's CPU patch bundle, see https://blogs.oracle.com/security/ and http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
|
Daniel 385 Posts ISC Handler Jul 15th 2014 |
Thread locked Subscribe |
Jul 15th 2014 7 years ago |
Hello Dani,
Nice finding! We were irritated too because of the collision we've observed in our vulnerability database: * http://www.scip.ch/en/?vuldb.67053 I wonder sometimes how "big companies" handle things that feel like even smaller companies should be able to address them with some level of accuracy/reliability. Bye, Marc |
Anonymous |
Quote |
Jul 16th 2014 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!