Database Server@12.2.0.1 Security Vulnerabilities and Issues — Database Server@12.2.0.1 CVE List

Lucene search

OracleDatabase Server12.2.0.1

57 matches found

CVE•added 2018/04/26 9:29 p.m.•519 views

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) ...

5.9CVSS5.9AI score0.03259EPSS

CVE•added 2019/10/01 5:15 p.m.•277 views

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find...

9.8CVSS9.4AI score0.00438EPSS

CVE•added 2018/02/06 3:29 p.m.•244 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS9.2AI score0.77336EPSS

CVE•added 2018/12/20 5:29 p.m.•206 views

CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nan...

6.5CVSS7.7AI score0.026EPSS

CVE•added 2019/01/02 6:29 p.m.•180 views

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8CVSS9.8AI score0.03526EPSS

CVE•added 2020/03/13 3:15 p.m.•174 views

CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML f...

10CVSS9.3AI score0.02732EPSS

CVE•added 2016/04/08 3:59 p.m.•129 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

7.5CVSS7.3AI score0.18017EPSS

CVE•added 2018/10/17 1:31 a.m.•125 views

CVE-2018-3259

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of t...

9.8CVSS8.9AI score0.01811EPSS

CVE•added 2020/01/15 5:15 p.m.•116 views

CVE-2020-2511

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. ...

7.7CVSS6.9AI score0.0045EPSS

CVE•added 2019/07/23 11:15 p.m.•108 views

CVE-2019-2569

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes t...

4CVSS4.2AI score0.00254EPSS

CVE•added 2022/01/19 12:15 p.m.•108 views

CVE-2022-21247

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Cor...

4CVSS3AI score0.00202EPSS

CVE•added 2022/01/19 12:15 p.m.•97 views

CVE-2022-21393

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Suc...

4.3CVSS4AI score0.00435EPSS

CVE•added 2021/01/20 3:15 p.m.•96 views

CVE-2021-1993

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Suc...

4.8CVSS5.1AI score0.00232EPSS

CVE•added 2019/04/23 7:32 p.m.•90 views

CVE-2019-2518

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple ...

7.5CVSS7.6AI score0.01045EPSS

CVE•added 2020/04/15 2:15 p.m.•87 views

CVE-2020-2735

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Ja...

8CVSS7.4AI score0.01229EPSS

CVE•added 2020/01/15 5:15 p.m.•86 views

CVE-2020-2510

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks ...

7.5CVSS7.2AI score0.02446EPSS

CVE•added 2018/08/10 10:29 p.m.•84 views

CVE-2018-3110

A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to comp...

9.9CVSS8.7AI score0.00804EPSS

CVE•added 2018/04/19 2:29 a.m.•78 views

CVE-2018-2841

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols ...

8.5CVSS8.2AI score0.01093EPSS

CVE•added 2019/04/23 7:32 p.m.•78 views

CVE-2019-2517

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having DBFS_ROLE privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerab...

9.1CVSS8.2AI score0.00638EPSS

CVE•added 2019/07/23 11:15 p.m.•78 views

CVE-2019-2749

6.8CVSS6.8AI score0.00342EPSS

CVE•added 2021/04/22 10:15 p.m.•78 views

CVE-2021-2173

Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery....

4.1CVSS3.4AI score0.00437EPSS

CVE•added 2019/04/23 7:32 p.m.•77 views

CVE-2019-2582

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can ...

5.3CVSS4.9AI score0.00771EPSS

CVE•added 2020/01/15 5:15 p.m.•77 views

CVE-2020-2515

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet...

6CVSS4.7AI score0.00421EPSS

CVE•added 2020/01/15 5:15 p.m.•77 views

CVE-2020-2518

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compr...

7.5CVSS7AI score0.00724EPSS

CVE•added 2021/10/20 11:16 a.m.•77 views

CVE-2021-35576

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracl...

4CVSS2.4AI score0.0021EPSS

CVE•added 2019/01/16 7:30 p.m.•75 views

CVE-2019-2547

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protoco...

3.5CVSS3.3AI score0.00283EPSS

CVE•added 2020/01/15 5:15 p.m.•74 views

CVE-2020-2512

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway...

5.9CVSS5.7AI score0.01571EPSS

CVE•added 2021/04/22 10:15 p.m.•74 views

CVE-2021-2175

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to...

4CVSS2.9AI score0.00359EPSS

CVE•added 2021/04/22 10:15 p.m.•70 views

CVE-2021-2234

5.3CVSS4.7AI score0.00655EPSS

CVE•added 2018/01/18 2:29 a.m.•69 views

CVE-2018-2680

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks require...

8.3CVSS8.1AI score0.01383EPSS

CVE•added 2020/01/15 5:15 p.m.•69 views

CVE-2020-2517

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with ne...

4.9CVSS3.5AI score0.00317EPSS

CVE•added 2019/04/23 7:32 p.m.•66 views

CVE-2019-2571

Vulnerability in the RDBMS DataPump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise RDBMS...

6.6CVSS6.7AI score0.00829EPSS

CVE•added 2020/04/15 2:15 p.m.•64 views

CVE-2020-2737

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via O...

6.4CVSS5.9AI score0.01309EPSS

CVE•added 2021/01/20 3:15 p.m.•64 views

CVE-2021-2000

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Au...

3.5CVSS3.5AI score0.00218EPSS

CVE•added 2019/10/16 6:15 p.m.•63 views

CVE-2019-2734

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to compromi...

4.3CVSS3.7AI score0.00292EPSS

CVE•added 2019/10/16 6:15 p.m.•63 views

CVE-2019-2954

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure...

3.9CVSS3.6AI score0.00192EPSS

CVE•added 2019/04/23 7:32 p.m.•60 views

CVE-2019-2516

Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Grid Infrastructure User privilege with logon to the infrastructure w...

8.2CVSS8.2AI score0.00056EPSS

CVE•added 2019/10/16 6:15 p.m.•60 views

CVE-2019-2909

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulner...

6.8CVSS6AI score0.0101EPSS

CVE•added 2020/07/15 6:15 p.m.•60 views

CVE-2020-2968

8CVSS7.4AI score0.01706EPSS

CVE•added 2018/01/18 2:29 a.m.•59 views

CVE-2017-10282

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromis...

9.1CVSS8.3AI score0.01898EPSS

CVE•added 2018/07/18 1:29 p.m.•59 views

CVE-2018-2939

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS e...

8.4CVSS8.2AI score0.0012EPSS

CVE•added 2019/07/23 11:15 p.m.•59 views

CVE-2019-2799

Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span><b> PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS </b></span>. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker havin...

7.5CVSS7.3AI score0.01198EPSS

CVE•added 2019/07/23 11:15 p.m.•57 views

CVE-2019-2753

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Oracle...

4.9CVSS4.3AI score0.00243EPSS

CVE•added 2021/10/20 11:16 a.m.•57 views

CVE-2021-2332

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Succ...

6.7CVSS6.3AI score0.00288EPSS

CVE•added 2019/07/23 11:15 p.m.•55 views

CVE-2019-2776

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via OracleNet to compromise Core RDBM...

7.6CVSS7.2AI score0.00392EPSS

CVE•added 2019/10/16 6:15 p.m.•54 views

CVE-2019-2940

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session privilege with logon to the infrastructure where Core RDBMS executes to co...

2.3CVSS3.1AI score0.00133EPSS

CVE•added 2018/01/18 2:29 a.m.•53 views

CVE-2018-2575

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise Co...

2.1CVSS2.8AI score0.00229EPSS

CVE•added 2018/07/18 1:29 p.m.•53 views

CVE-2018-3004

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple proto...

5.3CVSS4.9AI score0.00395EPSS

CVE•added 2019/10/16 6:15 p.m.•53 views

CVE-2019-2913

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the ...

5CVSS4.2AI score0.00302EPSS

CVE•added 2019/10/16 6:15 p.m.•53 views

CVE-2019-2955

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS exe...

3.9CVSS3.6AI score0.00192EPSS

Total number of security vulnerabilities57