43 matches found
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
CVE-2019-16942
CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2018-1000873
CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....
CVE-2020-1953
CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...
CVE-2018-14719
CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...
CVE-2023-21893
CVE-2023-21893 affects the Oracle Data Provider for .NET component of Oracle Database Server (19c and 21c). Root cause: vulnerability in the DP.NET component enabling takeover with network access via TCPS; exploitation requires user interaction (UI:R) and can lead to complete compromise. Remediat...
CVE-2016-2381
CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...
CVE-2020-2511
CVE-2020-2511 affects the Core RDBMS of Oracle Database Server. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability is exploitable by a low-privileged attacker with Create Session privilege and network access via OracleNet, potentially allowing a hang or crash (complete DOS) of Cor...
CVE-2022-21247
CVE-2022-21247 affects Oracle Database Server’s Core RDBMS. Affected are Oracle Database Server versions 12.2.0.1 and 19c. The vulnerability allows a high-privilege attacker with Create Session and Execute Catalog Role privileges, and network access via Oracle Net, to read a subset of Core RDBMS ...
CVE-2022-21393
CVE-2022-21393 affects Oracle Database Server Java VM component. Affects 12.1.0.2, 12.2.0.1, 19c, and 21c. A low-privileged attacker with Create Procedure privilege and network access via Oracle Net can compromise the Java VM, enabling a partial denial of service. Root cause per sources is an inp...
CVE-2021-1993
CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...
CVE-2021-35576
CVE-2021-35576 is a vulnerability in Oracle Database Server's Unified Audit component affecting 12.1.0.2, 12.2.0.1 and 19c. It allows a high-privileged attacker with Local Logon and network access via Oracle Net to compromise the Unified Audit data, potentially enabling unauthorized update/insert...
CVE-2019-2518
The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...
CVE-2020-2510
CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...
CVE-2020-2735
CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...
CVE-2020-2515
CVE-2020-2515 affects Oracle Database Server’s Database Gateway for ODBC. Affected Oracle versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability enables a low-privilege attacker with Create Session permission and OracleNet network access to read, modify, or delete data expo...
CVE-2021-2173
CVE-2021-2173 affects Oracle Database Server Recovery component and is documented with affected Oracle versions (12.1.0.2, 12.2.0.1, 18c, 19c). The issue allows a high-privileged attacker with a DBA-level account and network access via Oracle Net to obtain unauthorized read access to Recovery dat...
CVE-2020-2518
CVE-2020-2518 is a vulnerability in the Oracle Database Server Java VM component affecting versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via various protocols to take over the Java VM. The initial d...
CVE-2021-2175
The CVE-2021-2175 vulnerability affects Oracle Database Server’s Database Vault component. Affected are Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Any View or Select Any View privileges and network access via Oracle Net can obtain unauthorized read access to a subse...
CVE-2019-2749
CVE-2019-2749 affects Oracle Database Server’s Java VM component. Affected releases include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability arises in the Java VM and can allow a low-privilege attacker with Create Session and Create Procedure privileges and network access (via multip...
CVE-2020-2512
CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...
CVE-2021-2234
CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...
CVE-2020-2517
CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...
CVE-2022-21606
CVE-2022-21606 affects Oracle Database Server 19c, specifically the Oracle Services for Microsoft Transaction Server component on Windows. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Transaction Server component; exploitation requires human ...
CVE-2021-2332
CVE-2021-2332 affects Oracle Database Server’s LogMiner component (affected 12.1.0.2, 12.2.0.1, 19c). An authenticated, high-privilege DBA attacker with Oracle Net access can compromise data integrity, confidentiality and availability, including unauthorized data modification/deletion, read acces...
CVE-2020-2737
CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...
CVE-2020-2968
CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...
CVE-2019-2909
CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...
CVE-2019-2954
Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...
CVE-2021-2000
CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...
CVE-2019-2734
CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...
CVE-2019-2776
CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...
CVE-2020-2731
CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...
CVE-2020-2734
CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...
CVE-2020-2969
CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...
CVE-2019-2913
CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...
CVE-2019-2955
CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...
CVE-2020-2527
CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...
CVE-2018-2875
Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...
CVE-2019-2956
CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...
CVE-2020-2516
CVE-2020-2516 references a vulnerability in Oracle Database Server’s Core RDBMS component affecting Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Materialized View or Create Table privileges and network access via OracleNet could compromise Core RDBMS; exploitation req...
CVE-2019-2939
CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...