38 matches found
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2021-25329
The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...
CVE-2021-25122
CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...
CVE-2019-3740
CVE-2019-3740 concerns RSA BSAFE Crypto-J used by Oracle GoldenGate Install (Dell BSAFE Crypto-J). The root cause is a timing-discrepancy vulnerability during DSA key generation that could allow a remote attacker to recover DSA private keys. Affected product/component: Oracle GoldenGate (Install ...
CVE-2019-3739
CVE-2019-3739 concerns RSA BSAFE Crypto-J versions prior to 6.2.5, where information exposure can occur via timing discrepancy during ECDSA key generation. The vulnerability could allow a remote attacker to recover ECDSA keys. The provided documents identify the affected component as Dell/Certico...
CVE-2019-3738
Missing Required Cryptographic Step vulnerability (CVE-2019-3738) affects Dell RSA BSAFE Crypto-J versions prior to 6.2.5; a remote attacker could coerce two parties into computing the same predictable shared key. The CNVD entry confirms the affected component and impact; the Oracle/Nessus refere...
CVE-2020-35169
CVE-2020-35169 is tied to Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.5.2) with an Improper Input Validation vulnerability. Public sources in the connected documents confirm high-severity impact (CVSS v3.1: 9.8, network access, no authentication, high c...
CVE-2022-21565
CVE-2022-21565 affects the Oracle Database Server Java VM component. Affected: 12.1.0.2, 19c, 21c. Vulnerability allows a low-privilege user with Create Procedure privilege and network access via Oracle Net to compromise the Java VM, potentially leading to unauthorized creation, deletion, or modi...
CVE-2023-21934
The CVE-2023-21934 issue affects Oracle Database Server (Java VM component) in 19c and 21c. The root cause is described in connected sources as insufficient input validation in the Java VM, enabling a low-privileged user with network access via TLS to compromise the Java VM and potentially read, ...
CVE-2022-21498
CVE-2022-21498 affects the Java VM component of Oracle Database Server. Affected: Oracle Database Server versions 12.1.0.2, 19c, and 21c. Root cause: a vulnerability in the Java VM that allows a low-privileged user with Create Procedure privilege and network access via multiple protocols to compr...
CVE-2022-21411
CVE-2022-21411 : Oracle Database Server’s RDBMS Gateway / Generic ODBC Connectivity component is affected. Affected versions are 12.1.0.2, 19c, and 21c . The vulnerability allows a low-privilege attacker with Create Session privilege and network access via Oracle Net to compromise the RDBMS Gatew...
CVE-2023-21829
CVE-2023-21829 affects Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected versions are 19c and 21c. A low-privileged attacker with Create Session privilege and network access via Oracle Net can compromise RDBMS Security, with human interaction re...
CVE-2018-1288
CVE-2018-1288 affects Apache Kafka across multiple 0.9.x–1.0.0 release lines; authenticated users can issue a fetch request that performs a broker-reserved action, potentially causing data loss during replication. Public documentation here documents the issue and confirms fixes in later Kafka bui...
CVE-2022-21410
CVE-2022-21410 affects Oracle Database Server, specifically the Enterprise Edition Sharding component in 19c. The vulnerability allows a high-privileged attacker (requiring Create Any Procedure privilege) with network access via Oracle Net to compromise Sharding, potentially leading to takeover o...
CVE-2021-35558
CVE-2021-35558 affects Oracle Database Server Core RDBMS. Oracle warns that versions 12.1.0.2, 12.2.0.1, 19c and 21c are affected and an attacker with Create Table privilege and network access could cause partial DOS. Connected IBM EMPTORIS bulletins show affected IBM products and remediations: E...
CVE-2020-26185
Dell BSAFE Micro Edition Suite (Dell) is affected by a Buffer Over-Read Vulnerability in versions prior to 4.5.1. Public docs consistently cite a remote-exploitable issue that can crash an application and cause denial of service. The CVSS data in the sources show a high impact (availability impac...
CVE-2022-21432
CVE-2022-21432 affects Oracle Database Server - Enterprise Edition RDBMS Security. Affected are 12.1.0.2, 19c and 21c; exploitation requires a high-privilege DBA and network access via Oracle Net, enabling partial denial of service. Severity in the CVSS 3.1 base is 2.7 (LOW) with AV:N/AC:L/PR:H/U...
CVE-2020-35166
CVE-2020-35166 affects Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.6) with an Observable Timing Discrepancy Vulnerability. The Initial Description specifies the affected products/versions and that the vulnerability is timing-related, implying potential ...
CVE-2021-2337
CVE-2021-2337 affects Oracle Database Server’s XML DB component . Affected are Oracle 12.1.0.2, 12.2.0.1, and 19c. The issue allows a high-privilege attacker with privileges such as Create Any Procedure and Create Public Synonym and network access via Oracle Net to compromise Oracle XML DB, poten...
CVE-2021-35557
CVE-2021-35557 affects the Oracle Database Server Core RDBMS. Affected versions are 12.1.0.2, 12.2.0.1, 19c and 21c. The flaw allows a low-privileged attacker with Create Table privilege and network access via Oracle Net to compromise the Core RDBMS, yielding a partial denial of service (availabi...
CVE-2020-35163
Technical details about CVE-2020-35163 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2020-35164
Summary (CVE-2020-35164) Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) have an observable timing discrepancy vulnerability. Connected sources (PT-2022-8918) corroborate affected versions and advise upgrading to 4.1.5+ and 4.6+ r...
CVE-2021-35551
CVE-2021-35551 affects Oracle Database Server in the RDBMS Security component for 12.2.0.1, 19c, and 21c. The flaw lets a high-privilege DBA with network access via Oracle Net cause a denial of service (hang/crash) and unauthorized data updates/inserts/deletes in RDBMS Security. The issue’s root ...
CVE-2021-2334
CVE-2021-2334 affects Oracle Database Server, specifically the Enterprise Edition Data Redaction component. Affected are Oracle DB versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows a low-privilege, network-accessible attacker with Create Session via Oracle Net to potentially perform ...
CVE-2022-21596
CVE-2022-21596 affects Oracle Database Server, specifically the Advanced Queuing component in Oracle Database 19c. The vulnerability allows a high-privilege attacker with DBA privileges and network access via Oracle Net to compromise Advanced Queuing, potentially leading to takeover of the compon...
CVE-2020-35168
CVE-2020-35168 affects Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) with an Observable Timing Discrepancy vulnerability. The initial document provides CVSS metrics indicating high impact (network attack, no user interaction) wi...
CVE-2021-2335
CVE-2021-2335: Oracle Database Server’s Enterprise Edition Data Redaction component is affected for Oracle DB versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability permits a low-privileged user with Create Session and Oracle Net access to access data, with human interaction required; impact is ...
CVE-2020-29508
CVE-2020-29508 affects Dell BSAFE Crypto-C Micro Edition (versions prior to 4.1.5) and Dell BSAFE Micro Edition Suite (versions prior to 4.6). The root cause is an Improper Input Validation vulnerability. Public references (CNVD/NVD/CVE records and Nessus-related entries) confirm the affected pro...
CVE-2021-2245
CVE-2021-2245 is described as a vulnerability in the Oracle Database - Enterprise Edition Unified Audit component. Public sources in the provided documents tie this CVE to IBM Emptoris products, listing affected modules and versions: IBM Emptoris Supplier Lifecycle Management, Contract Management...
CVE-2021-2207
CVE-2021-2207 affects Oracle Database Server - Enterprise Edition components (Oracle DB 12.1.0.2, 12.2.0.1, 18c, 19c). The vulnerability is exploitable by an attacker with RMAN executable privilege who can log on to the infrastructure, potentially resulting in unauthorized updates, inserts, or de...
CVE-2021-2336
The CVE-2021-2336 entry discusses a vulnerability in Oracle Database Server, specifically the Enterprise Edition Data Redaction component, affecting 12.1.0.2, 12.2.0.1, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromis...
CVE-2020-35167
Technical details for CVE-2020-35167 are not publicly available in the provided documents. Monitor for updates and additional sources.
CVE-2020-29506
Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.5.2) contain an Observable Timing Discrepancy Vulnerability. The issue is documented with concrete vulnerable components and affected versions; upgrading to 4.1.5 and 4.5.2 respectively...
CVE-2020-5360
CVE-2020-5360 refers to a buffer under-read vulnerability in Dell BSAFE Micro Edition Suite, before version 4.5. The NVD entry notes unauthenticated remote exploitation with network access potentially causing undefined behavior or a crash (availability impact). Corporate context in connected docu...
CVE-2020-29507
CVE-2020-29507 affects Dell BSAFE Crypto-C Micro Edition (before 4.1.4) and Dell BSAFE Micro Edition Suite (before 4.4). The vulnerability is described as an Improper Input Validation issue. Public references in the connected documents confirm affected versions and provide remediation guidance: u...
CVE-2020-5359
CVE-2020-5359 affects Dell BSAFE Micro Edition Suite, versions prior to 4.5. The vulnerability is an unchecked return value vulnerability allowing an unauthenticated remote attacker to modify and corrupt encrypted data. No explicit fix/version remediation is provided in the connected documents; m...
CVE-2023-21827
The CVE-2023-21827 entry describes a vulnerability in the Oracle Database Data Redaction component affecting Oracle Database Server 19c and 21c. The flaw allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to read a subset of Data Redaction data. The a...
CVE-2020-14901
CVE-2020-14901 affects Oracle Database Server, specifically the RDBMS Security component in the 19c release. The vulnerability can be exploited remotely over Oracle Net by a high-privilege attacker with Analyze Any privilege, leading to unauthorized access to or exposure of data within RDBMS Secu...