66 matches found
CVE-2016-2183
The CVE-2016-2183 (Sweet32) issue stems from the DES/3DES ciphers used in TLS/SSL, allowing a birthday attack to recover plaintext from long, encrypted sessions. Public advisories and vendor notes show OpenSSL-based stacks (and products relying on it) were affected, with mitigations including de-...
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2014-3566
CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states that an SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...
CVE-2021-25329
The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...
CVE-2021-25122
CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...
CVE-2019-3740
CVE-2019-3740 concerns RSA BSAFE Crypto-J used by Oracle GoldenGate Install (Dell BSAFE Crypto-J). The root cause is a timing-discrepancy vulnerability during DSA key generation that could allow a remote attacker to recover DSA private keys. Affected product/component: Oracle GoldenGate (Install ...
CVE-2019-3739
CVE-2019-3739 concerns RSA BSAFE Crypto-J versions prior to 6.2.5, where information exposure can occur via timing discrepancy during ECDSA key generation. The vulnerability could allow a remote attacker to recover ECDSA keys. The provided documents identify the affected component as Dell/Certico...
CVE-2019-3738
Missing Required Cryptographic Step vulnerability (CVE-2019-3738) affects Dell RSA BSAFE Crypto-J versions prior to 6.2.5; a remote attacker could coerce two parties into computing the same predictable shared key. The CNVD entry confirms the affected component and impact; the Oracle/Nessus refere...
CVE-2020-35169
CVE-2020-35169 is tied to Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.5.2) with an Improper Input Validation vulnerability. Public sources in the connected documents confirm high-severity impact (CVSS v3.1: 9.8, network access, no authentication, high c...
CVE-2022-21511
The CVE-2022-21511 issue affects the Oracle Database Server, specifically the Enterprise Edition Recovery component. The vulnerability arises in this Recovery module and can be exploited by a high-privilege attacker who has EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privileges and has network access via...
CVE-2022-21565
CVE-2022-21565 affects the Oracle Database Server Java VM component. Affected: 12.1.0.2, 19c, 21c. Vulnerability allows a low-privilege user with Create Procedure privilege and network access via Oracle Net to compromise the Java VM, potentially leading to unauthorized creation, deletion, or modi...
CVE-2023-21934
The CVE-2023-21934 issue affects Oracle Database Server (Java VM component) in 19c and 21c. The root cause is described in connected sources as insufficient input validation in the Java VM, enabling a low-privileged user with network access via TLS to compromise the Java VM and potentially read, ...
CVE-2022-21411
CVE-2022-21411: Oracle Database Server’s RDBMS Gateway / Generic ODBC Connectivity component is affected. Affected versions are 12.1.0.2, 19c, and 21c. The vulnerability allows a low-privilege attacker with Create Session privilege and network access via Oracle Net to compromise the RDBMS Gatew...
CVE-2022-21498
CVE-2022-21498 affects the Java VM component of Oracle Database Server. Affected: Oracle Database Server versions 12.1.0.2, 19c, and 21c. Root cause: a vulnerability in the Java VM that allows a low-privileged user with Create Procedure privilege and network access via multiple protocols to compr...
CVE-2008-1814
Technical details about CVE-2008-1814 are not provided in the supplied documents. No explicit affected products, root cause, or remediation are included here. Monitor for updates.
CVE-2023-21829
CVE-2023-21829 affects Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected versions are 19c and 21c. A low-privileged attacker with Create Session privilege and network access via Oracle Net can compromise RDBMS Security, with human interaction re...
CVE-2018-1288
CVE-2018-1288 affects Apache Kafka across multiple 0.9.x–1.0.0 release lines; authenticated users can issue a fetch request that performs a broker-reserved action, potentially causing data loss during replication. Public documentation here documents the issue and confirms fixes in later Kafka bui...
CVE-2022-21410
CVE-2022-21410 affects Oracle Database Server, specifically the Enterprise Edition Sharding component in 19c. The vulnerability allows a high-privileged attacker (requiring Create Any Procedure privilege) with network access via Oracle Net to compromise Sharding, potentially leading to takeover o...
CVE-2021-35558
CVE-2021-35558 affects Oracle Database Server Core RDBMS. Oracle warns that versions 12.1.0.2, 12.2.0.1, 19c and 21c are affected and an attacker with Create Table privilege and network access could cause partial DoS. Connected IBM Emptoris bulletins show affected IBM products and remediations: E...
CVE-2020-2978
CVE-2020-2978 affects Oracle Database - Enterprise Edition; vulnerable in versions 12.1.0.2, 12.2.0.1, 18c, 19c. The connected material indicates the issue relates to RMAN auditing: Oracle RMAN Missing Auditing for Point‑In‑Time Recovery, enabling limited visibility of certain RMAN operations. Th...
CVE-2020-26185
Dell BSAFE Micro Edition Suite (Dell) is affected by a Buffer Over-Read Vulnerability in versions prior to 4.5.1. Public docs consistently cite a remote-exploitable issue that can crash an application and cause denial of service. The CVSS data in the sources show a high impact (availability impac...
CVE-2022-21432
CVE-2022-21432 affects Oracle Database Server - Enterprise Edition RDBMS Security. Affected are 12.1.0.2, 19c and 21c; exploitation requires a high-privilege DBA and network access via Oracle Net, enabling partial denial of service. Severity in the CVSS 3.1 base is 2.7 (LOW) with AV:N/AC:L/PR:H/U...
CVE-2022-21510
CVE-2022-21510 is a vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. Affected behavior is that a low-privileged attacker with Local Logon can log in to the infrastructure where Sharding runs and compromise the component, with potential scope ...
CVE-2020-35166
CVE-2020-35166 affects Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.6) with an Observable Timing Discrepancy Vulnerability. The Initial Description specifies the affected products/versions and that the vulnerability is timing-related, implying potential ...
CVE-2017-10202
CVE-2017-10202 affects Oracle Database Server OJVM in affected releases (11.2.0.4, 12.1.0.2, 12.2.0.1). The flaw allows a low-privileged user with Create Session/Create Procedure privileges and network access (multiple protocols) to compromise OJVM, potentially taking over the component and impac...
CVE-2017-10190
CVE-2017-10190 affects Oracle Database Server’s Java VM component in affected versions 11.2.0.4, 12.1.0.2, and 12.2.0.1. The vulnerability allows a high-privileged, authenticated attacker with Create Session and Create Procedure privileges (local access) to compromise the Java VM, with potential ...
CVE-2021-2337
CVE-2021-2337 affects Oracle Database Server’s XML DB component. Affected are Oracle 12.1.0.2, 12.2.0.1, and 19c. The issue allows a high-privilege attacker with privileges such as Create Any Procedure and Create Public Synonym and network access via Oracle Net to compromise Oracle XML DB, poten...
CVE-2021-35557
CVE-2021-35557 affects the Oracle Database Server Core RDBMS. Affected versions are 12.1.0.2, 12.2.0.1, 19c and 21c. The flaw allows a low-privileged attacker with Create Table privilege and network access via Oracle Net to compromise the Core RDBMS, yielding a partial denial of service (availabi...
CVE-2020-35163
Technical details about CVE-2020-35163 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2016-0677
CVE-2016-0677 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 in the RDBMS Security component. The connected documents corroborate an unspecified vulnerability that can impact availability (initial description) and further indicate related fixes in the Oracle April 2016 CPU advisory (CPUAPR2...
CVE-2020-35164
Summary (CVE-2020-35164): Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) have an observable timing discrepancy vulnerability. Connected sources (PT-2022-8918) corroborate affected versions and advise upgrading to 4.1.5+ and 4.6+ r...
CVE-2020-35168
CVE-2020-35168 affects Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) with an Observable Timing Discrepancy vulnerability. The initial document provides CVSS metrics indicating high impact (network attack, no user interaction) wi...
CVE-2022-21596
CVE-2022-21596 affects Oracle Database Server, specifically the Advanced Queuing component in Oracle Database 19c. The vulnerability allows a high-privilege attacker with DBA privileges and network access via Oracle Net to compromise Advanced Queuing, potentially leading to takeover of the compon...
CVE-2021-2334
CVE-2021-2334 affects Oracle Database Server, specifically the Enterprise Edition Data Redaction component. Affected are Oracle DB versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows a low-privilege, network-accessible attacker with Create Session via Oracle Net to potentially perform ...
CVE-2021-2335
CVE-2021-2335: Oracle Database Server’s Enterprise Edition Data Redaction component is affected for Oracle DB versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability permits a low-privileged user with Create Session and Oracle Net access to access data, with human interaction required; impact is ...
CVE-2016-3609
CVE-2016-3609 affects Oracle Database Server OJVM in versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified with remote authenticated access, impacting confidentiality, integrity, and availability via unknown vectors. Affected component: OJVM. Root cause/attack v...
CVE-2019-2444
CVE-2019-2444 affects Oracle Database Server Core RDBMS. Affected versions are 12.2.0.1 and 18c. The vulnerability allows a low-privileged, local attacker with logon to the infrastructure where Core RDBMS runs to take over the Core RDBMS, with exploitation requiring user interaction. CVSSv3 base ...
CVE-2016-3489
CVE-2016-3489 refers to an unspecified vulnerability in the Data Pump Import component of Oracle Database Server versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue is described as affecting confidentiality, integrity, and availability via unknown vectors, exploitable by local users. The connect...
CVE-2020-29508
CVE-2020-29508 affects Dell BSAFE Crypto-C Micro Edition (versions prior to 4.1.5) and Dell BSAFE Micro Edition Suite (versions prior to 4.6). The root cause is an Improper Input Validation vulnerability. Public references (CNVD/NVD/CVE records and Nessus-related entries) confirm the affected pro...
CVE-2021-2245
CVE-2021-2245 is described as a vulnerability in the Oracle Database - Enterprise Edition Unified Audit component. Public sources in the provided documents tie this CVE to IBM Emptoris products, listing affected modules and versions: IBM Emptoris Supplier Lifecycle Management, Contract Management...
CVE-2021-2207
CVE-2021-2207 affects Oracle Database Server - Enterprise Edition components (Oracle DB 12.1.0.2, 12.2.0.1, 18c, 19c). The vulnerability is exploitable by an attacker with RMAN executable privilege who can log on to the infrastructure, potentially resulting in unauthorized updates, inserts, or de...
CVE-2019-2619
CVE-2019-2619 affects Oracle Database Server Portable Clusterware. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Root cause: vulnerability in Portable Clusterware that can be exploited by a Grid Infrastructure User with local logon to compromise Portable Clusterware and potentially imp...
CVE-2017-10292
CVE-2017-10292 affects Oracle Database Server in its RDBMS Security component. Affected versions include 11.2.0.4, 12.1.0.2, and 12.2.0.1. A high-privilege attacker with Create User privilege and local logon could compromise RDBMS Security, potentially causing unauthorized updates to some data. T...
CVE-2017-3567
CVE-2017-3567 affects Oracle Database Server OJVM component (versions 11.2.0.4 and 12.1.0.2). A low-privilege attacker with Create Session and Create Procedure privileges and network access via multiple protocols can cause OJVM to hang or crash (DoS). CVSS v3.0 base score 5.3 (Availability). No r...
CVE-2021-2336
The CVE-2021-2336 entry discusses a vulnerability in Oracle Database Server, specifically the Enterprise Edition Data Redaction component, affecting 12.1.0.2, 12.2.0.1, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromis...
CVE-2021-35551
CVE-2021-35551 affects Oracle Database Server in the RDBMS Security component for 12.2.0.1, 19c, and 21c. The flaw lets a high-privilege DBA with network access via Oracle Net cause a denial of service (hang/crash) and unauthorized data updates/inserts/deletes in RDBMS Security. The issue’s root ...
CVE-2017-3310
CVE-2017-3310 affects Oracle Database Server’s OJVM component in versions 11.2.0.4 and 12.1.0.2. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocols, to compromise OJVM. The exploitation requires user i...
CVE-2020-29506
Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.5.2) contain an Observable Timing Discrepancy Vulnerability. The issue is documented with concrete vulnerable components and affected versions; upgrading to 4.1.5 and 4.5.2 respectively...
CVE-2020-35167
Technical details for CVE-2020-35167 are not publicly available in the provided documents. Monitor for updates and additional sources.
CVE-2017-10261
CVE-2017-10261 concerns a vulnerability in the XML Database component of Oracle Database Server. Affected versions include 11.2.0.4 and 12.1.0.2. The issue allows a low-privileged attacker with Create Session privilege to log into the infrastructure where XML Database runs and compromise the XML...