Oracle Database Server

516 matches found

CVE
added 2017/05/23 3:56 a.m. | 1126 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

CVSS 9.8 | AI score 9.9 | EPSS 0.05999

CVE
added 2024/02/17 1:49 a.m. | 689 views

CVE-2024-20903

CVE-2024-20903 affects Oracle Database Server Java VM component. Affected versions are 19.3–19.21 and 21.3–21.12. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM, potentially leading...

CVSS 6.5 | AI score 6.6 | EPSS 0.00416

CVE
added 2017/05/23 3:56 a.m. | 608 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

CVSS 9.8 | AI score 9.9 | EPSS 0.07489

CVE
added 2018/04/26 9:0 p.m. | 589 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

CVSS 5.9 | AI score 5.9 | EPSS 0.05119

CVE
added 2017/05/23 3:56 a.m. | 530 views

CVE-2016-9840

CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...

CVSS 8.8 | AI score 9.6 | EPSS 0.04793

CVE
added 2017/05/23 3:56 a.m. | 509 views

CVE-2016-9842

CVE-2016-9842 concerns zlib 1.2.8 where the inflateMark function in inflate.c can trigger context-dependent behavior via left shifts of negative integers. Connected documents confirm the issue is embedded in zlib and was addressed by updates in downstream packages. Debian LTS (DLA-2085-1) fixes t...

CVSS 8.8 | AI score 9.5 | EPSS 0.05161

CVE
added 2023/10/17 9:2 p.m. | 377 views

CVE-2023-22074

CVE-2023-22074 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The root issue allows a highly privileged attacker (needs Create Session and Select Any Dictionary) with network access via Oracle Net, plus user interacti...

CVSS 2.4 | AI score 2.5 | EPSS 0.00887

CVE
added 2023/10/17 9:2 p.m. | 373 views

CVE-2023-22075

CVE-2023-22075 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The issue arises from insufficient input validation in Oracle Database Sharding, enabling a high-privilege user with network access via Oracle Net to cause...

CVSS 2.4 | AI score 2.5 | EPSS 0.00395

CVE
added 2023/10/17 9:2 p.m. | 349 views

CVE-2023-22077

CVE-2023-22077 affects Oracle Database Server’s Recovery Manager. Affected: Oracle Database versions 19.3–19.20 and 21.3–21.11. The flaw allows a high-privilege attacker with a DBA role and network access via Oracle Net to cause a hang or frequent crash of Recovery Manager (denial of service). CV...

CVSS 4.9 | AI score 4.7 | EPSS 0.0058

CVE
added 2023/10/17 9:2 p.m. | 347 views

CVE-2023-22071

CVE-2023-22071 affects Oracle Database Server, specifically the PL/SQL component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows a high-privileged attacker with Create Session and Execute on sys.utl_http and network access via Oracle Net to compromise PL/SQL. Exploitati...

CVSS 5.9 | AI score 5.1 | EPSS 0.00312

CVE
added 2012/05/08 10:0 p.m. | 343 views

CVE-2012-1675

CVE-2012-1675 refers to a TNS Listener poisoning vulnerability in Oracle Database components (notably 10g/11g) where remote registration of an existing instance or service name followed by a MITM can hijack connections and allow arbitrary commands. Affected are Oracle Database 11g R1/R2 and 10g d...

CVSS 7.5 | AI score 9.2 | EPSS 0.77633

CVE
added 2023/10/17 9:2 p.m. | 341 views

CVE-2023-22073

CVE-2023-22073 affects Oracle Database Server’s Oracle Notification Server component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows an unauthenticated attacker with access to the physical network segment to compromise Oracle Notification Server and read a subset of dat...

CVSS 4.3 | AI score 3.5 | EPSS 0.00333

CVE
added 2023/10/17 9:3 p.m. | 341 views

CVE-2023-22096

CVE-2023-22096 affects Oracle Database Server, Java VM component. Affected: Oracle Database Server versions 19.3–19.20 and 21.3–21.11. Description states that a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net can compromise the Java VM...

CVSS 4.3 | AI score 3.7 | EPSS 0.00375

CVE
added 2019/06/26 5:7 p.m. | 339 views

CVE-2019-12973

Context: CVE-2019-12973 affects OpenJPEG 2.3.1. Vulnerability: In opj_t1_encode_cblks (openjp2/t1.c), excessive iteration can be exploited by a crafted BMP file to cause a denial of service. This is consistent with related issues in OpenJPEG’s t1.c handling. Impact (as stated): Remote denial of s...

CVSS 5.5 | AI score 6.4 | EPSS 0.02596

CVE
added 2019/10/01 4:4 p.m. | 318 views

CVE-2019-16942

CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...

CVSS 9.8 | AI score 9.4 | EPSS 0.05681

CVE
added 2018/02/06 3:0 p.m. | 294 views

CVE-2017-15095

Summary of CVE-2017-15095 and related sightings: The material consistently reports a deserialization flaw in jackson-databind, affecting versions prior to 2.8.10 and 2.9.1. An unauthenticated user could trigger code execution via ObjectMapper.readValue with malicious input. The issue is describe...

CVSS 9.8 | AI score 9.2 | EPSS 0.08411
Web

CVE
added 2019/11/08 2:46 p.m. | 287 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

CVSS 6.5 | AI score 6 | EPSS 0.02167

CVE
added 2018/12/20 5:0 p.m. | 246 views

CVE-2018-1000873

CVE-2018-1000873: A CWE-20 DoS vulnerability in FasterXML Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....

CVSS 6.5 | AI score 7.7 | EPSS 0.04758

CVE
added 2020/03/13 2:58 p.m. | 224 views

CVE-2020-1953

CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...

CVSS 10 | AI score 9.3 | EPSS 0.06684

CVE
added 2019/01/02 6:0 p.m. | 220 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

CVSS 9.8 | AI score 9.8 | EPSS 0.09682

CVE
added 2011/04/20 3:9 a.m. | 216 views

CVE-2011-0799

CVE-2011-0799 affects Oracle Warehouse Builder (OWB), a component of Oracle Database Server, in versions 10.2.0.5, 11.1.0.7, 11.2.0.1 and prior. The vulnerability is an SQL injection flaw caused by improper input validation in a stored procedure, exploitable by an authenticated user with CONNECT ...

CVSS 6.5 | AI score 5.3 | EPSS 0.01735

CVE
added 2010/05/19 6:13 p.m. | 208 views

CVE-2010-1321

CVE-2010-1321 affects MIT Kerberos 5’s GSS-API library (krb5) in kg_accept_krb5/accept_sec_context.c. The flaw permits remote authenticated users to cause a denial of service via an AP-REQ with a missing authenticator checksum, triggering a NULL pointer dereference and daemon crash. Affected are ...

CVSS 6.8 | AI score 5.4 | EPSS 0.06884

CVE
added 2009/10/22 6:0 p.m. | 191 views

CVE-2009-1979

CVE-2009-1979 concerns a buffer overflow in Oracle Database Server Network Authentication (AUTH_SESSKEY) on Oracle 10.1.0.5 and 10.2.0.4. The vulnerability arises from insufficient validation of the AUTH_SESSKEY length, allowing a remote attacker to send crafted packets that may lead to arbitrary...

CVSS 10 | AI score 6.5 | EPSS 0.76361

CVE
added 2023/01/17 11:35 p.m. | 174 views

CVE-2023-21893

CVE-2023-21893 affects the Oracle Data Provider for .NET component of Oracle Database Server (19c and 21c). Root cause: vulnerability in the DP.NET component enabling takeover with network access via TCPS; exploitation requires user interaction (UI:R) and can lead to complete compromise. Remediat...

CVSS 7.5 | AI score 7.5 | EPSS 0.00594

CVE
added 2016/04/08 3:0 p.m. | 159 views

CVE-2016-2381

CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...

CVSS 7.5 | AI score 7.3 | EPSS 0.0908

CVE
added 2007/10/17 11:0 p.m. | 152 views

CVE-2007-5530

CVE-2007-5530 maps to a denial-of-service flaw in the Oracle Database Core RDBMS/Database Control stack. The connected CPAI advisory notes a DoS in the Oracle Database Server caused by an error in the Core RDBMS component when it processes an invalid TNS data packet. The vulnerability is remotely...

CVSS 10 | AI score 6.2 | EPSS 0.02238

CVE
added 2004/09/01 4:0 a.m. | 146 views

CVE-2002-0840

CVE-2002-0840 is a cross-site scripting (XSS) vulnerability in the default error page of Apache. It affects Apache 2.0 before 2.0.43 and 1.3.x up to 1.3.26, when UseCanonicalName is set to off and wildcard DNS is supported. An attacker can inject script via the Host header to execute in other vis...

CVSS 6.8 | AI score 8.4 | EPSS 0.94006

CVE
added 2011/10/18 10:0 p.m. | 146 views

CVE-2011-2301

CVE-2011-2301 affects Oracle Database Server (10gR1/R2, 11gR1) via CTXSYS.DRVDISP.TABLEFUNC_ASOWN in Oracle Text. The root cause is a buffer overflow when TABLEFUNC_ASOWN is called with long input, allowing remote authenticated users to compromise confidentiality, integrity and availability. Docu...

CVSS 8.5 | AI score 5.7 | EPSS 0.0224

CVE
added 2018/10/17 1:0 a.m. | 142 views

CVE-2018-3259

CVE-2018-3259 affects the Java VM component of Oracle Database Server. Affected supported versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise the Java VM, potentially taking over the VM an...

CVSS 9.8 | AI score 8.9 | EPSS 0.03426

CVE
added 2015/10/21 11:0 p.m. | 137 views

CVE-2015-4863

CVE-2015-4863 is an unspecified vulnerability in the Portable Clusterware component of Oracle Database Server versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The available connected documents state that it allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

CVSS 10 | AI score 8.2 | EPSS 0.03092

CVE
added 2010/07/13 10:7 p.m. | 133 views

CVE-2010-0903

CVE-2010-0903 is a confirmed Oracle Database Server vulnerability affecting the Net Foundation Layer on Windows, with versions 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1. The issue is remotely exploitable over a network and contributes to availability impact (CVSSv2 base score 7.8). Orac...

CVSS 7.8 | AI score 6.2 | EPSS 0.0187

CVE
added 2011/01/19 3:0 p.m. | 129 views

CVE-2010-3600

CVE-2010-3600 describes an arbitrary file upload/code execution vulnerability in Oracle Database Client System Analyzer (CSA) used by Oracle Database Server 11.1.0.7/11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5. Public details indicate a vulnerable JSP that accepts XML uploads with NULL ...

CVSS 7.5 | AI score 6.2 | EPSS 0.76694
Web

CVE
added 2013/07/17 10:0 a.m. | 127 views

CVE-2013-3751

CVE-2013-3751 is an unspecified vulnerability in the XML Parser component of Oracle Database Server affecting 11.2.0.2, 11.2.0.3, and 12.1.0.1. It allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors (CVSS v2 Base Score 9.0). The root cause ...

CVSS 9 | AI score 5.6 | EPSS 0.03672

CVE
added 2020/01/15 4:33 p.m. | 127 views

CVE-2020-2511

CVE-2020-2511 affects the Core RDBMS of Oracle Database Server. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability is exploitable by a low-privileged attacker with Create Session privilege and network access via Oracle Net, potentially allowing a hang or crash (complete DoS) of Cor...

CVSS 7.7 | AI score 6.9 | EPSS 0.01318

CVE
added 2009/07/14 11:0 p.m. | 124 views

CVE-2009-1968

CVE-2009-1968 affects Oracle Secure Enterprise Search (SES) 10g; the vulnerability is a localizable XSS in SES’s search_p_groups parameter within the /search/query/search path. The flaw arises because SES does not sanitize input fed into search_p_groups, allowing a remote attacker to craft a URL ...

CVSS 4.3 | AI score 5 | EPSS 0.40079
Web

CVE
added 2019/07/23 10:31 p.m. | 124 views

CVE-2019-2569

CVE-2019-2569 is described across multiple sources as a vulnerability in the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, and 12.2.0.1. The underlying issue permits a high-privileged attacker with Local Logon to compromise the Core RDBMS, with attacks r...

CVSS 4 | AI score 4.2 | EPSS 0.00413

CVE
added 2022/01/19 11:21 a.m. | 124 views

CVE-2022-21247

CVE-2022-21247 affects Oracle Database Server’s Core RDBMS. Affected are Oracle Database Server versions 12.2.0.1 and 19c. The vulnerability allows a high-privilege attacker with Create Session and Execute Catalog Role privileges, and network access via Oracle Net, to read a subset of Core RDBMS ...

CVSS 4 | AI score 3 | EPSS 0.00685

CVE
added 2009/07/14 11:0 p.m. | 121 views

CVE-2009-1970

Technical details for CVE-2009-1970 are not publicly provided in the supplied documents. Monitor for updates on affected products, versions, impact, and fixes.

CVSS 5 | AI score 6 | EPSS 0.12249

CVE
added 2008/04/16 10:0 a.m. | 119 views

CVE-2008-1813

CVE-2008-1813 covers multiple unspecified vulnerabilities in Oracle Database versions 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The description notes remote unauthenticated or authenticated attack vectors affecting several components: SYS.DBMS_AQ (Advanced Queuing), Core RDBMS, S...

CVSS 6.5 | AI score 6.7 | EPSS 0.01588

CVE
added 2010/07/13 10:7 p.m. | 118 views

CVE-2010-0911

CVE-2010-0911: The Oracle Database Server Listener component is affected by an unspecified vulnerability that allows remote attackers to impact availability via unknown vectors. The CVE is documented with a base CVSS v2 score of 7.8 (HIGH), attack vector Network, no authentication required, and ...

CVSS 7.8 | AI score 6.2 | EPSS 0.01833

CVE
added 2015/07/16 10:0 a.m. | 117 views

CVE-2015-2586

Affected software: Oracle Database Server (Application Express component). Vulnerability summary (from sources): Unspecified vulnerability in the Application Express component allows remote attackers to affect availability via unknown vectors. Affected versions include Oracle Database Server prio...

CVSS 4.3 | AI score 6.1 | EPSS 0.01708

CVE
added 2024/07/16 10:40 p.m. | 117 views

CVE-2024-21184

CVE-2024-21184 relates to the Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected software: Oracle Database Server versions 19.3–19.23 with a privilege-management flaw that can be exploited by a high-privilege attacker who has Execute on SYS.XS_DI...

CVSS 7.2 | AI score 6.7 | EPSS 0.00529

CVE
added 2009/07/14 11:0 p.m. | 116 views

CVE-2009-1019

CVE-2009-1019 is an Oracle Database vulnerability affecting the Network Authentication component (Oracle Net) on 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. The issue is described as an unspecified remote vulnerability that may affect confidentiality, integrity, and availability via unk...

CVSS 7.5 | AI score 6.1 | EPSS 0.10473

CVE
added 2008/07/15 11:0 p.m. | 115 views

CVE-2008-2607

CVE-2008-2607 concerns Oracle Database Advanced Queuing (SYS.DBMS_AQELM). The CVE entry notes an unspecified vulnerability in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 with remote authenticated attack vectors related to SYS.DBMS_AQELM. The public material refer...

CVSS 6.5 | AI score 7.2 | EPSS 0.03357

CVE
added 2008/07/15 11:0 p.m. | 114 views

CVE-2008-2587

CVE-2008-2587 affects Oracle Database Advanced Replication in 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability allows local access to read trace files (local attack vector) with a low impact (read access, Partial confidentiality). CVSS 2.0 base score is 1.5 (LOW). The ...

CVSS 1.5 | AI score 5.8 | EPSS 0.00316

CVE
added 2015/01/21 3:0 p.m. | 114 views

CVE-2014-6567

CVE-2014-6567 affects Oracle Database Server in multiple 11.x/12.x versions (11.1.0.7, 11.2.0.3/4, 12.1.0.1/2) and is described as an unspecified core RDBMS vulnerability. The note references a researcher’s claim of a stack-based buffer overflow in DBMS_AW.EXECUTE that could enable code execution...

CVSS 9 | AI score 6.6 | EPSS 0.04618

CVE
added 2011/07/20 10:36 p.m. | 113 views

CVE-2011-0822

CVE-2011-0822 affects Oracle Database Server’s Streams, AQ & Replication Mgmt Component (Oracle Database Server 10.1.0.5 and 10.2.0.3) and Oracle Enterprise Manager Grid Control 10.1.0.6. The vulnerability is described as unspecified, with impact to confidentiality, integrity, and availability (p...

CVSS 6.8 | AI score 8.4 | EPSS 0.02413

CVE
added 2022/01/19 11:26 a.m. | 113 views

CVE-2022-21393

CVE-2022-21393 affects Oracle Database Server Java VM component. Affects 12.1.0.2, 12.2.0.1, 19c, and 21c. A low-privileged attacker with Create Procedure privilege and network access via Oracle Net can compromise the Java VM, enabling a partial denial of service. Root cause per sources is an inp...

CVSS 4.3 | AI score 4 | EPSS 0.00804

CVE
added 2011/07/20 10:36 p.m. | 112 views

CVE-2011-0811

CVE-2011-0811 affects Oracle Database Server (10.1.0.5, 10.2.0.3, 10.2.0.4) and Oracle Enterprise Manager Grid Control (10.1.0.6, 10.2.0.5) via the Enterprise Config Management component. The vulnerability allegedly allows local users to affect confidentiality through unknown vectors. Connected s...

CVSS 4.9 | AI score 5.5 | EPSS 0.00411

CVE
added 2009/07/14 11:0 p.m. | 111 views

CVE-2009-1963

CVE-2009-1963 affects Oracle Database 11.1.0.6 in the Network Foundation (Oracle Net). The vulnerability is described as an unspecified issue that allows remote authenticated users to impact integrity and availability via unknown vectors. The CVSS v2 base score is 7.5 (HIGH) with network access, ...

CVSS 7.5 | AI score 5.7 | EPSS 0.08734

Total number of security vulnerabilities: 516