Lucene search
K
OracleDatabase Server18c

50 matches found

cve
cve
added 2017/05/23 3:56 a.m.1147 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.0595EPSS
cve
cve
added 2018/04/26 9:0 p.m.655 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9CVSS5.9AI score0.05119EPSS
cve
cve
added 2017/05/23 3:56 a.m.609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

9.8CVSS9.9AI score0.07489EPSS
cve
cve
added 2017/05/23 3:56 a.m.539 views

CVE-2016-9840

CVE-2016-9840 affects zlib 1.2.8 in inftrees.c where improper pointer arithmetic can lead to out-of-bounds memory handling. Connected advisories show related issues in the same zlib code path (CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) and describe potential crash or arbitrary-code outcomes in ...

8.8CVSS9.6AI score0.04793EPSS
cve
cve
added 2017/05/23 3:56 a.m.516 views

CVE-2016-9842

CVE-2016-9842 concerns zlib 1.2.8 where the inflateMark function in inflate.c can trigger context-dependent behavior via left shifts of negative integers. Connected documents confirm the issue is embedded in zlib and was addressed by updates in downstream packages. Debian LTS (DLA-2085-1) fixes t...

8.8CVSS9.5AI score0.05161EPSS
cve
cve
added 2019/06/26 5:7 p.m.350 views

CVE-2019-12973

Context: CVE-2019-12973 affects OpenJPEG 2.3.1. Vulnerability: In opj_t1_encode_cblks (openjp2/t1.c), excessive iteration can be exploited by a crafted BMP file to cause a denial of service. This is consistent with related issues in OpenJPEG’s t1.c handling. Impact (as stated): Remote denial of s...

5.5CVSS6.4AI score0.02596EPSS
cve
cve
added 2019/10/01 4:4 p.m.323 views

CVE-2019-16942

CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...

9.8CVSS9.4AI score0.05681EPSS
cve
cve
added 2018/12/20 5:0 p.m.252 views

CVE-2018-1000873

CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....

6.5CVSS7.7AI score0.04758EPSS
cve
cve
added 2020/03/13 2:58 p.m.228 views

CVE-2020-1953

CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...

10CVSS9.3AI score0.06684EPSS
cve
cve
added 2019/01/02 6:0 p.m.223 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

9.8CVSS9.8AI score0.09682EPSS
cve
cve
added 2016/04/08 3:0 p.m.161 views

CVE-2016-2381

CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...

7.5CVSS7.3AI score0.09007EPSS
cve
cve
added 2018/10/17 1:0 a.m.145 views

CVE-2018-3259

CVE-2018-3259 affects the Java VM component of Oracle Database Server. Affected supported versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise the Java VM, potentially taking over the VM an...

9.8CVSS8.9AI score0.03426EPSS
cve
cve
added 2020/01/15 4:33 p.m.129 views

CVE-2020-2511

CVE-2020-2511 affects the Core RDBMS of Oracle Database Server. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability is exploitable by a low-privileged attacker with Create Session privilege and network access via OracleNet, potentially allowing a hang or crash (complete DOS) of Cor...

7.7CVSS6.9AI score0.01318EPSS
cve
cve
added 2021/01/20 2:49 p.m.112 views

CVE-2021-1993

CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...

4.8CVSS5.1AI score0.00806EPSS
cve
cve
added 2019/04/23 6:16 p.m.105 views

CVE-2019-2518

The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...

7.5CVSS7.6AI score0.0123EPSS
cve
cve
added 2020/01/15 4:33 p.m.104 views

CVE-2020-2510

CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...

7.5CVSS7.2AI score0.02121EPSS
cve
cve
added 2020/04/15 1:29 p.m.102 views

CVE-2020-2735

CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...

8CVSS7.4AI score0.01125EPSS
cve
cve
added 2020/01/15 4:33 p.m.98 views

CVE-2020-2515

CVE-2020-2515 affects Oracle Database Server’s Database Gateway for ODBC. Affected Oracle versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability enables a low-privilege attacker with Create Session permission and OracleNet network access to read, modify, or delete data expo...

6CVSS4.7AI score0.00792EPSS
cve
cve
added 2021/04/22 12:0 a.m.96 views

CVE-2021-2173

CVE-2021-2173 affects Oracle Database Server Recovery component and is documented with affected Oracle versions (12.1.0.2, 12.2.0.1, 18c, 19c). The issue allows a high-privileged attacker with a DBA-level account and network access via Oracle Net to obtain unauthorized read access to Recovery dat...

4.1CVSS3.4AI score0.01372EPSS
cve
cve
added 2020/01/15 4:33 p.m.95 views

CVE-2020-2518

CVE-2020-2518 is a vulnerability in the Oracle Database Server Java VM component affecting versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via various protocols to take over the Java VM. The initial d...

7.5CVSS7AI score0.01256EPSS
cve
cve
added 2021/04/22 12:0 a.m.94 views

CVE-2021-2175

The CVE-2021-2175 vulnerability affects Oracle Database Server’s Database Vault component. Affected are Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Any View or Select Any View privileges and network access via Oracle Net can obtain unauthorized read access to a subse...

4CVSS2.9AI score0.01654EPSS
cve
cve
added 2019/04/23 6:16 p.m.93 views

CVE-2019-2582

CVE-2019-2582 affects Oracle Database Server Core RDBMS. The Red Hat and NVD records describe an unauthenticated, network-accessible vulnerability via Oracle Net that can lead to read access to a subset of Core RDBMS data in affected versions 12.2.0.1 and 18c. The underlying cause and impact are ...

5.3CVSS4.9AI score0.01227EPSS
cve
cve
added 2019/01/16 7:0 p.m.92 views

CVE-2019-2547

CVE-2019-2547 affects Oracle Database Server’s Java VM component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability can be exploited by a low-privileged attacker with Create Session and Create Procedure privileges over network protocols; exploitation requires user inte...

3.5CVSS3.3AI score0.01033EPSS
cve
cve
added 2019/07/23 10:31 p.m.92 views

CVE-2019-2749

CVE-2019-2749 affects Oracle Database Server’s Java VM component. Affected releases include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability arises in the Java VM and can allow a low-privilege attacker with Create Session and Create Procedure privileges and network access (via multip...

6.8CVSS6.8AI score0.01089EPSS
cve
cve
added 2019/04/23 6:16 p.m.91 views

CVE-2019-2517

CVE-2019-2517 affects Oracle Database Server’s Core RDBMS component (versions 12.2.0.1 and 18c). The vulnerability can be exploited remotely via Oracle Net by a high-privileged attacker with DBFS_ROLE to compromise the Core RDBMS, potentially taking over the component and impacting related produc...

9.1CVSS8.2AI score0.01713EPSS
cve
cve
added 2020/01/15 4:33 p.m.91 views

CVE-2020-2512

CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...

5.9CVSS5.7AI score0.01466EPSS
cve
cve
added 2021/04/22 9:53 p.m.90 views

CVE-2021-2234

CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...

5.3CVSS4.7AI score0.00789EPSS
cve
cve
added 2020/01/15 4:33 p.m.88 views

CVE-2020-2517

CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...

4.9CVSS3.5AI score0.0077EPSS
cve
cve
added 2019/04/23 6:16 p.m.82 views

CVE-2019-2571

CVE-2019-2571 affects Oracle Database Server’s RDBMS DataPump component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The issue, described as a high-privilege DBA-authenticated vulnerability exploitable over Oracle Net, can lead to takeover of the DataPump component. Root cause det...

6.6CVSS6.7AI score0.0115EPSS
cve
cve
added 2019/04/23 6:16 p.m.79 views

CVE-2019-2516

The CVE-2019-2516 issue affects Oracle Database Server’s Portable Clusterware. Affected: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c. Root cause: vulnerability in Portable Clusterware that enables a high-privilege Grid Infrastructure User with local logon to compromise Portable Clusterware, potentially tak...

8.2CVSS8.2AI score0.00421EPSS
cve
cve
added 2019/07/23 10:31 p.m.79 views

CVE-2019-2799

CVE-2019-2799 describes a heap-based buffer overflow in the Oracle Database Server’s ODBC Driver on Windows. The ZDI advisory (ZDI-19-662) notes remote code execution via parsing certain attributes in the ODBC driver; exploitation requires user interaction (visiting a malicious page or opening a ...

7.5CVSS7.3AI score0.0123EPSS
cve
cve
added 2020/04/15 1:29 p.m.79 views

CVE-2020-2737

CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...

6.4CVSS5.9AI score0.01031EPSS
cve
cve
added 2020/07/15 5:34 p.m.78 views

CVE-2020-2968

CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...

8CVSS7.4AI score0.01111EPSS
cve
cve
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2909

CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...

6.8CVSS6AI score0.01349EPSS
cve
cve
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2954

Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...

3.9CVSS3.6AI score0.00396EPSS
cve
cve
added 2021/01/20 2:50 p.m.77 views

CVE-2021-2000

CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...

3.5CVSS3.5AI score0.00764EPSS
cve
cve
added 2019/10/16 5:40 p.m.75 views

CVE-2019-2734

CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...

4.3CVSS3.7AI score0.00844EPSS
cve
cve
added 2019/07/23 10:31 p.m.75 views

CVE-2019-2753

CVE-2019-2753 affects Oracle Text in Oracle Database Server for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows a low-privileged user with Create Session and network access via OracleNet to read a subset of Oracle Text data and potentially cause partial denial of service. Exploitat...

4.9CVSS4.3AI score0.00887EPSS
cve
cve
added 2019/07/23 10:31 p.m.71 views

CVE-2019-2776

CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...

7.6CVSS7.2AI score0.01111EPSS
cve
cve
added 2020/01/15 4:34 p.m.71 views

CVE-2020-2731

CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...

3.9CVSS3.8AI score0.00396EPSS
cve
cve
added 2020/04/15 1:29 p.m.71 views

CVE-2020-2734

CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...

3.5CVSS2.8AI score0.00892EPSS
cve
cve
added 2020/07/15 5:34 p.m.71 views

CVE-2020-2969

CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...

6.6CVSS6.3AI score0.02031EPSS
cve
cve
added 2019/10/16 5:40 p.m.68 views

CVE-2019-2913

CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...

5CVSS4.2AI score0.01129EPSS
cve
cve
added 2019/10/16 5:40 p.m.68 views

CVE-2019-2955

CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...

3.9CVSS3.6AI score0.00396EPSS
cve
cve
added 2020/01/15 4:33 p.m.68 views

CVE-2020-2527

CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...

4.1CVSS3.6AI score0.00982EPSS
cve
cve
added 2019/10/16 5:40 p.m.66 views

CVE-2018-2875

Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...

5CVSS4.2AI score0.0098EPSS
cve
cve
added 2019/10/16 5:40 p.m.66 views

CVE-2019-2956

CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...

5.7CVSS4.9AI score0.01117EPSS
cve
cve
added 2019/10/16 5:40 p.m.65 views

CVE-2019-2940

Oracle Database Server Core RDBMS vulnerability CVE-2019-2940 affects Oracle Database Server Core RDBMS for versions 12.1.0.2, 12.2.0.1, and 18c. An attacker with Create Session privilege and local logon can compromise the Core RDBMS, potentially enabling unauthorized updates, inserts, or deletes...

2.3CVSS3.1AI score0.00387EPSS
cve
cve
added 2020/01/15 4:33 p.m.65 views

CVE-2020-2516

CVE-2020-2516 references a vulnerability in Oracle Database Server’s Core RDBMS component affecting Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Materialized View or Create Table privileges and network access via OracleNet could compromise Core RDBMS; exploitation req...

3.5CVSS2.9AI score0.00784EPSS
cve
cve
added 2019/10/16 5:40 p.m.60 views

CVE-2019-2939

CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...

5CVSS4.2AI score0.01129EPSS