Lucene search
K
OracleDatabase Server19c

43 matches found

CVE
CVE
added 2018/04/26 9:0 p.m.655 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9CVSS5.9AI score0.05119EPSS
CVE
CVE
added 2019/10/01 4:4 p.m.323 views

CVE-2019-16942

CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...

9.8CVSS9.4AI score0.05681EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2018/12/20 5:0 p.m.252 views

CVE-2018-1000873

CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....

6.5CVSS7.7AI score0.04758EPSS
CVE
CVE
added 2020/03/13 2:58 p.m.228 views

CVE-2020-1953

CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...

10CVSS9.3AI score0.06684EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.223 views

CVE-2018-14719

CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...

9.8CVSS9.8AI score0.09682EPSS
CVE
CVE
added 2023/01/17 11:35 p.m.175 views

CVE-2023-21893

CVE-2023-21893 affects the Oracle Data Provider for .NET component of Oracle Database Server (19c and 21c). Root cause: vulnerability in the DP.NET component enabling takeover with network access via TCPS; exploitation requires user interaction (UI:R) and can lead to complete compromise. Remediat...

7.5CVSS7.5AI score0.00594EPSS
CVE
CVE
added 2016/04/08 3:0 p.m.161 views

CVE-2016-2381

CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...

7.5CVSS7.3AI score0.09007EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.129 views

CVE-2020-2511

CVE-2020-2511 affects the Core RDBMS of Oracle Database Server. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability is exploitable by a low-privileged attacker with Create Session privilege and network access via OracleNet, potentially allowing a hang or crash (complete DOS) of Cor...

7.7CVSS6.9AI score0.01318EPSS
CVE
CVE
added 2022/01/19 11:21 a.m.127 views

CVE-2022-21247

CVE-2022-21247 affects Oracle Database Server’s Core RDBMS. Affected are Oracle Database Server versions 12.2.0.1 and 19c. The vulnerability allows a high-privilege attacker with Create Session and Execute Catalog Role privileges, and network access via Oracle Net, to read a subset of Core RDBMS ...

4CVSS3AI score0.00685EPSS
CVE
CVE
added 2022/01/19 11:26 a.m.118 views

CVE-2022-21393

CVE-2022-21393 affects Oracle Database Server Java VM component. Affects 12.1.0.2, 12.2.0.1, 19c, and 21c. A low-privileged attacker with Create Procedure privilege and network access via Oracle Net can compromise the Java VM, enabling a partial denial of service. Root cause per sources is an inp...

4.3CVSS4AI score0.00804EPSS
CVE
CVE
added 2021/01/20 2:49 p.m.112 views

CVE-2021-1993

CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...

4.8CVSS5.1AI score0.00806EPSS
CVE
CVE
added 2021/10/20 12:0 a.m.108 views

CVE-2021-35576

CVE-2021-35576 is a vulnerability in Oracle Database Server's Unified Audit component affecting 12.1.0.2, 12.2.0.1 and 19c. It allows a high-privileged attacker with Local Logon and network access via Oracle Net to compromise the Unified Audit data, potentially enabling unauthorized update/insert...

4CVSS2.4AI score0.01381EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.105 views

CVE-2019-2518

The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...

7.5CVSS7.6AI score0.0123EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.104 views

CVE-2020-2510

CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...

7.5CVSS7.2AI score0.02121EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.102 views

CVE-2020-2735

CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...

8CVSS7.4AI score0.01125EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.98 views

CVE-2020-2515

CVE-2020-2515 affects Oracle Database Server’s Database Gateway for ODBC. Affected Oracle versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability enables a low-privilege attacker with Create Session permission and OracleNet network access to read, modify, or delete data expo...

6CVSS4.7AI score0.00792EPSS
CVE
CVE
added 2021/04/22 12:0 a.m.96 views

CVE-2021-2173

CVE-2021-2173 affects Oracle Database Server Recovery component and is documented with affected Oracle versions (12.1.0.2, 12.2.0.1, 18c, 19c). The issue allows a high-privileged attacker with a DBA-level account and network access via Oracle Net to obtain unauthorized read access to Recovery dat...

4.1CVSS3.4AI score0.01372EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.95 views

CVE-2020-2518

CVE-2020-2518 is a vulnerability in the Oracle Database Server Java VM component affecting versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via various protocols to take over the Java VM. The initial d...

7.5CVSS7AI score0.01256EPSS
CVE
CVE
added 2021/04/22 12:0 a.m.94 views

CVE-2021-2175

The CVE-2021-2175 vulnerability affects Oracle Database Server’s Database Vault component. Affected are Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Any View or Select Any View privileges and network access via Oracle Net can obtain unauthorized read access to a subse...

4CVSS2.9AI score0.01654EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.92 views

CVE-2019-2749

CVE-2019-2749 affects Oracle Database Server’s Java VM component. Affected releases include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability arises in the Java VM and can allow a low-privilege attacker with Create Session and Create Procedure privileges and network access (via multip...

6.8CVSS6.8AI score0.01089EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.91 views

CVE-2020-2512

CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...

5.9CVSS5.7AI score0.01466EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.90 views

CVE-2021-2234

CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...

5.3CVSS4.7AI score0.00789EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.88 views

CVE-2020-2517

CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...

4.9CVSS3.5AI score0.0077EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.84 views

CVE-2022-21606

CVE-2022-21606 affects Oracle Database Server 19c, specifically the Oracle Services for Microsoft Transaction Server component on Windows. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Transaction Server component; exploitation requires human ...

6.1CVSS5.9AI score0.00456EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.80 views

CVE-2021-2332

CVE-2021-2332 affects Oracle Database Server’s LogMiner component (affected 12.1.0.2, 12.2.0.1, 19c). An authenticated, high-privilege DBA attacker with Oracle Net access can compromise data integrity, confidentiality and availability, including unauthorized data modification/deletion, read acces...

6.7CVSS6.3AI score0.00856EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.79 views

CVE-2020-2737

CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...

6.4CVSS5.9AI score0.01031EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.78 views

CVE-2020-2968

CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...

8CVSS7.4AI score0.01111EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2909

CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...

6.8CVSS6AI score0.01349EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2954

Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...

3.9CVSS3.6AI score0.00396EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.77 views

CVE-2021-2000

CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...

3.5CVSS3.5AI score0.00764EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.75 views

CVE-2019-2734

CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...

4.3CVSS3.7AI score0.00844EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.71 views

CVE-2019-2776

CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...

7.6CVSS7.2AI score0.01111EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.71 views

CVE-2020-2731

CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...

3.9CVSS3.8AI score0.00396EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.71 views

CVE-2020-2734

CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...

3.5CVSS2.8AI score0.00892EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.71 views

CVE-2020-2969

CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...

6.6CVSS6.3AI score0.02031EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.68 views

CVE-2019-2913

CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...

5CVSS4.2AI score0.01129EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.68 views

CVE-2019-2955

CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...

3.9CVSS3.6AI score0.00396EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.68 views

CVE-2020-2527

CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...

4.1CVSS3.6AI score0.00982EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.66 views

CVE-2018-2875

Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...

5CVSS4.2AI score0.0098EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.66 views

CVE-2019-2956

CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...

5.7CVSS4.9AI score0.01117EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.65 views

CVE-2020-2516

CVE-2020-2516 references a vulnerability in Oracle Database Server’s Core RDBMS component affecting Oracle versions 12.1.0.2, 12.2.0.1, 18c, and 19c. An attacker with Create Materialized View or Create Table privileges and network access via OracleNet could compromise Core RDBMS; exploitation req...

3.5CVSS2.9AI score0.00784EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.60 views

CVE-2019-2939

CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...

5CVSS4.2AI score0.01129EPSS