Database@19c Security Vulnerabilities and Issues — Database@19c CVE List

Lucene search

OracleDatabase19c

38 matches found

CVE•added 2020/05/20 7:15 p.m.•1317 views

CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the Persisten...

7CVSS7.5AI score0.93416EPSS

CVE•added 2021/03/01 12:15 p.m.•849 views

CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previous...

7CVSS7.3AI score0.93416EPSS

CVE•added 2021/03/01 12:15 p.m.•816 views

CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's reques...

7.5CVSS6.9AI score0.02775EPSS

CVE•added 2019/09/18 11:15 p.m.•230 views

CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

6.5CVSS7.9AI score0.01239EPSS

CVE•added 2019/09/18 11:15 p.m.•221 views

CVE-2019-3738

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

6.5CVSS7.5AI score0.00714EPSS

CVE•added 2019/09/18 11:15 p.m.•219 views

CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

6.5CVSS7.9AI score0.01239EPSS

CVE•added 2022/07/11 8:15 p.m.•154 views

CVE-2020-35169

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

9.8CVSS9.4AI score0.00159EPSS

CVE•added 2022/07/19 10:15 p.m.•120 views

CVE-2022-21565

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful at...

6.5CVSS6.6AI score0.00462EPSS

CVE•added 2022/04/19 9:15 p.m.•104 views

CVE-2022-21411

Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to c...

5.5CVSS4.8AI score0.00175EPSS

CVE•added 2023/04/18 8:15 p.m.•99 views

CVE-2023-21934

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulne...

6.8CVSS6.3AI score0.00381EPSS

CVE•added 2022/04/19 9:15 p.m.•98 views

CVE-2022-21498

6.5CVSS6AI score0.00179EPSS

CVE•added 2023/01/18 12:15 a.m.•93 views

CVE-2023-21829

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Data...

6.3CVSS5.6AI score0.00285EPSS

CVE•added 2022/04/19 9:15 p.m.•92 views

CVE-2022-21410

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to comprom...

7.2CVSS7.1AI score0.01406EPSS

CVE•added 2018/07/26 2:29 p.m.•87 views

CVE-2018-1288

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

5.5CVSS5.5AI score0.00932EPSS

CVE•added 2022/07/19 10:15 p.m.•86 views

CVE-2022-21432

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net...

2.7CVSS4.1AI score0.00069EPSS

CVE•added 2021/10/20 11:16 a.m.•85 views

CVE-2021-35558

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. S...

4.3CVSS3.5AI score0.00314EPSS

CVE•added 2022/07/11 8:15 p.m.•80 views

CVE-2020-35166

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS7.2AI score0.00366EPSS

CVE•added 2022/07/11 8:15 p.m.•70 views

CVE-2020-35168

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2022/07/11 8:15 p.m.•69 views

CVE-2020-35164

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

8.1CVSS8.8AI score0.00497EPSS

CVE•added 2022/07/11 8:15 p.m.•67 views

CVE-2020-35163

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

9.8CVSS9.3AI score0.00638EPSS

CVE•added 2021/07/21 3:15 p.m.•66 views

CVE-2021-2334

Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via ...

3.5CVSS2.5AI score0.00212EPSS

CVE•added 2021/07/21 3:15 p.m.•66 views

CVE-2021-2335

3.5CVSS2.5AI score0.00212EPSS

CVE•added 2021/07/21 3:15 p.m.•66 views

CVE-2021-2337

Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle N...

7.2CVSS7AI score0.01647EPSS

CVE•added 2022/07/11 8:15 p.m.•63 views

CVE-2020-29508

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

9.8CVSS9.3AI score0.00202EPSS

CVE•added 2021/04/22 10:15 p.m.•61 views

CVE-2021-2207

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executable privilege with logon to the infrastructure...

2.3CVSS2.4AI score0.00116EPSS

CVE•added 2021/04/22 10:15 p.m.•59 views

CVE-2021-2245

Vulnerability in the Oracle Database - Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Audit Policy privilege with network access via Oracle Net...

4CVSS3.1AI score0.00469EPSS

CVE•added 2021/10/20 11:16 a.m.•58 views

CVE-2021-35557

4.3CVSS3.5AI score0.00314EPSS

CVE•added 2021/07/21 3:15 p.m.•57 views

CVE-2021-2336

3.5CVSS2.5AI score0.00212EPSS

CVE•added 2022/07/11 8:15 p.m.•55 views

CVE-2020-35167

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.3AI score0.00558EPSS

CVE•added 2022/07/11 8:15 p.m.•54 views

CVE-2020-29506

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.4AI score0.01329EPSS

CVE•added 2020/12/16 4:15 p.m.•54 views

CVE-2020-5360

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

7.5CVSS8AI score0.01804EPSS

CVE•added 2022/10/18 9:15 p.m.•54 views

CVE-2022-21596

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - A...

7.2CVSS7.1AI score0.00481EPSS

CVE•added 2022/06/01 3:15 p.m.•48 views

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

7.5CVSS7.5AI score0.00463EPSS

CVE•added 2022/07/11 8:15 p.m.•48 views

CVE-2020-29507

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

9.8CVSS9.4AI score0.0085EPSS

CVE•added 2021/10/20 11:16 a.m.•48 views

CVE-2021-35551

Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful ...

5.5CVSS5.4AI score0.00293EPSS

CVE•added 2020/12/16 4:15 p.m.•45 views

CVE-2020-5359

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

5.8CVSS6.5AI score0.0042EPSS

CVE•added 2020/10/21 3:15 p.m.•44 views

CVE-2020-14901

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks o...

6.8CVSS5AI score0.00411EPSS

CVE•added 2023/01/18 12:15 a.m.•43 views

CVE-2023-21827

Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Data...

4.3CVSS3.1AI score0.00271EPSS