2885 matches found
Security feature bypass
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security...
[SECURITY] [DSA 4002-1] mysql-5.5 security update
Debian Security Advisory DSA-4002-1 https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2017 https://www.debian.org/security/faq -...
CVE-2017-10292
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security...
CVE-2017-10292
CVE-2017-10292 affects Oracle Database Server in its RDBMS Security component. Affected versions include 11.2.0.4, 12.1.0.2, and 12.2.0.1. A high-privilege attacker with Create User privilege and local logon could compromise RDBMS Security, potentially causing unauthorized updates to some data. T...
CVE-2017-10321
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create session privilege with logon to the infrastructure where Core RDBMS executes...
Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30893)
Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server, which could be exploited by an attacker to...
Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30894)
Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Core RDBMS component of Oracle Database Server, which could be exploited by an attacker t...
Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30892)
Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the XML Database component of Oracle Database Server, which could be exploited by an attacker...
Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30891)
Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the RDBMS Security component of Oracle Database Server, which could be exploited by an attack...
Oracle JDeveloper ADF Faces Unspecified Remote Code Execution (October 2017 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a vulnerability in the Spatial Apache Groovy component of Oracle Database Server. Please see the vendor advisory for additional information...
Oracle Database Server 'WLM' And 'Spatial' Components Multiple Unspecified Vulnerabilities
Oracle Database Server is prone to multiple unspecified security vulnerabilities...
Oracle Patches 250 Bugs in Quarterly Critical Patch Update
Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of...
Aerospike Database Server Index Name Code Execution Vulnerability(CVE-2016-9052)
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...
Aerospike Database Server Client Message Memory Disclosure Vulnerability(CVE-2016-9050)
Summary An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be use...
Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability(CVE-2016-9049)
Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...
Aerospike Database Server Client Batch Request Code Execution Vulnerability(CVE-2016-9051)
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability(CVE-2016-9053)
Summary An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access vi...
mysql: integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017)
An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon...
[SECURITY] Fedora 25 Update: sqlite-3.14.2-3.fc25
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...