MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.37 advisory. - The crc32big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors...

The vulnerability of the Microsoft SQL Server Management Studio database management system, related to errors in XML references to external objects (XXE), allows for the disclosure of sensitive information.

The vulnerability of the Microsoft SQL Server Management Studio database management system is related to errors in XML references to external objects XXE. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information using a specially crafted file...

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to execute arbitrary code.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Oracle Database Server Multiple Vulnerabilities (October 2018 CPU)

The remote Oracle Database Server is missing the October 2018 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including remote code execution, as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs fo...

CVE-2018-3299

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Text. Successful attacks...

CVE-2018-3299

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Text. Successful attacks...

CVE-2018-3259

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of...

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of...

Buffer overflow

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Text. Successful attacks...

CVE-2018-3259

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of...

CVE-2018-3299

CVE-2018-3299 is a vulnerability in the Oracle Text component of Oracle Database Server. Affected versions include 11.2.0.4, 12.1.0.2, and 12.2.0.1. The issue allows an unauthenticated, networked attacker to cause a hang or crash (DOS) and may permit updates/deletes to Oracle Text data, with CVSS...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2019-26719)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the Server: DDL subcomponent of the MySQL Server component in Oracle MySQL, version 8.0.12 and earlier. An attacke...

Oracle Database Server 'Oracle Text' Component Unspecified Vulnerability

Oracle Database Server is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle Database Server 'Rapid Home Provisioning' Component Unspecified Vulnerability

Oracle Database Server is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Unspecified Vulnerability in Oracle Database Server (CNVD-2018-24127)

Oracle Database Server is a set of relational database management system of Oracle Oracle. The database management system provides data management, distributed processing and other functions.Java VM is one of the Java virtual machine components. A security vulnerability exists in the Java VM...

CVE-2018-18389

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password...

CVE-2018-18389

CVE-2018-18389 affects Neo4j Enterprise Database Server 3.4.x prior to 3.4.9. The issue is due to incorrect access control around LDAP authentication (STARTTLS) and the System Account, allowing an attacker to log in with any valid username and an arbitrary password. Impact in sources is unauthori...

Code injection

SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...