50 matches found
CVE-2016-9843
CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
CVE-2016-9841
CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...
CVE-2016-9840
CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...
CVE-2016-9842
CVE-2016-9842 concerns zlib 1.2.8 where the inflateMark function in inflate.c can trigger context-dependent behavior via left shifts of negative integers. Connected documents confirm the issue is embedded in zlib and was addressed by updates in downstream packages. Debian LTS (DLA-2085-1) fixes t...
CVE-2019-12973
Context: CVE-2019-12973 affects OpenJPEG 2.3.1. Vulnerability: In opj_t1_encode_cblks (openjp2/t1.c), excessive iteration can be exploited by a crafted BMP file to cause a denial of service. This is consistent with related issues in OpenJPEG’s t1.c handling. Impact (as stated): Remote denial of s...
CVE-2019-16942
CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...
CVE-2018-1000873
CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....
CVE-2020-1953
CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...
CVE-2018-14719
CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...
CVE-2016-2381
CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...
CVE-2018-3259
CVE-2018-3259 affects the Java VM component of Oracle Database Server. Affected supported versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise the Java VM, potentially taking over the VM an...
CVE-2020-2511
CVE-2020-2511 affects the Core RDBMS of Oracle Database Server. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability is exploitable by a low-privileged attacker with Create Session privilege and network access via OracleNet, potentially allowing a hang or crash (complete DOS) of Cor...
CVE-2021-1993
CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...
CVE-2019-2518
The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...
CVE-2020-2510
CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...
CVE-2020-2735
CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...
CVE-2020-2515
CVE-2020-2515 affects Oracle Database Server’s Database Gateway for ODBC. Affected Oracle versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability enables a low-privilege attacker with Create Session permission and OracleNet network access to read, modify, or delete data expo...
CVE-2021-2173
CVE-2021-2173 affects Oracle Database Server Recovery component and is documented with affected Oracle versions (12.1.0.2, 12.2.0.1, 18c, 19c). The issue allows a high-privileged attacker with a DBA-level account and network access via Oracle Net to obtain unauthorized read access to Recovery dat...
CVE-2020-2518
CVE-2020-2518 is a vulnerability in the Oracle Database Server Java VM component affecting versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via various protocols to take over the Java VM. The initial d...
CVE-2021-2175
The CVE-2021-2175 vulnerability affects Oracle Database Server’s Database Vault component. Affected are Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Any View or Select Any View privileges and network access via Oracle Net can obtain unauthorized read access to a subse...
CVE-2019-2582
CVE-2019-2582 affects Oracle Database Server Core RDBMS. The Red Hat and NVD records describe an unauthenticated, network-accessible vulnerability via Oracle Net that can lead to read access to a subset of Core RDBMS data in affected versions 12.2.0.1 and 18c. The underlying cause and impact are ...
CVE-2019-2547
CVE-2019-2547 affects Oracle Database Server’s Java VM component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability can be exploited by a low-privileged attacker with Create Session and Create Procedure privileges over network protocols; exploitation requires user inte...
CVE-2019-2749
CVE-2019-2749 affects Oracle Database Server’s Java VM component. Affected releases include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability arises in the Java VM and can allow a low-privilege attacker with Create Session and Create Procedure privileges and network access (via multip...
CVE-2019-2517
CVE-2019-2517 affects Oracle Database Server’s Core RDBMS component (versions 12.2.0.1 and 18c). The vulnerability can be exploited remotely via Oracle Net by a high-privileged attacker with DBFS_ROLE to compromise the Core RDBMS, potentially taking over the component and impacting related produc...
CVE-2020-2512
CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...
CVE-2021-2234
CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...
CVE-2020-2517
CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...
CVE-2019-2571
CVE-2019-2571 affects Oracle Database Server’s RDBMS DataPump component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The issue, described as a high-privilege DBA-authenticated vulnerability exploitable over Oracle Net, can lead to takeover of the DataPump component. Root cause det...
CVE-2019-2516
The CVE-2019-2516 issue affects Oracle Database Server’s Portable Clusterware. Affected: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c. Root cause: vulnerability in Portable Clusterware that enables a high-privilege Grid Infrastructure User with local logon to compromise Portable Clusterware, potentially tak...
CVE-2019-2799
CVE-2019-2799 describes a heap-based buffer overflow in the Oracle Database Server’s ODBC Driver on Windows. The ZDI advisory (ZDI-19-662) notes remote code execution via parsing certain attributes in the ODBC driver; exploitation requires user interaction (visiting a malicious page or opening a ...
CVE-2020-2737
CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...
CVE-2020-2968
CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...
CVE-2019-2909
CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...
CVE-2019-2954
Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...
CVE-2021-2000
CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...
CVE-2019-2734
CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...
CVE-2019-2753
CVE-2019-2753 affects Oracle Text in Oracle Database Server for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows a low-privileged user with Create Session and network access via OracleNet to read a subset of Oracle Text data and potentially cause partial denial of service. Exploitat...
CVE-2019-2776
CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...
CVE-2020-2731
CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...
CVE-2020-2734
CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...
CVE-2020-2969
CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...
CVE-2019-2913
CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...
CVE-2019-2955
CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...
CVE-2020-2527
CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...
CVE-2018-2875
Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...
CVE-2019-2956
CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...
CVE-2019-2940
Oracle Database Server Core RDBMS vulnerability CVE-2019-2940 affects Oracle Database Server Core RDBMS for versions 12.1.0.2, 12.2.0.1, and 18c. An attacker with Create Session privilege and local logon can compromise the Core RDBMS, potentially enabling unauthorized updates, inserts, or deletes...
CVE-2020-2516
CVE-2020-2516 references a vulnerability in Oracle Database Server’s Core RDBMS component affecting Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Materialized View or Create Table privileges and network access via OracleNet could compromise Core RDBMS; exploitation req...
CVE-2019-2939
CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...