Vulnerabilities > Oracle > Database

DATE CVE VULNERABILITY TITLE RISK
2021-10-20 CVE-2021-35551 Unspecified vulnerability in Oracle Database 12.2.0.1/19C/21C
Vulnerability in the RDBMS Security component of Oracle Database Server.
network
low complexity
oracle
5.5
2021-10-20 CVE-2021-35557 Unspecified vulnerability in Oracle Database
Vulnerability in the Core RDBMS component of Oracle Database Server.
network
low complexity
oracle
4.3
2021-10-20 CVE-2021-35558 Unspecified vulnerability in Oracle Database
Vulnerability in the Core RDBMS component of Oracle Database Server.
network
low complexity
oracle
4.3
2021-03-01 CVE-2021-25329 The fix for CVE-2020-9484 was incomplete.
local
high complexity
apache debian oracle
7.0
2021-03-01 CVE-2021-25122 Information Exposure vulnerability in multiple products
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
network
low complexity
apache debian oracle CWE-200
7.5
2020-12-16 CVE-2020-5360 Out-of-bounds Read vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability.
network
low complexity
dell oracle CWE-125
7.5
2020-12-16 CVE-2020-5359 Unchecked Return Value vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability.
network
low complexity
dell oracle CWE-252
5.8
2020-05-20 CVE-2020-9484 Deserialization of Untrusted Data vulnerability in multiple products
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
7.0
2019-09-18 CVE-2019-3740 Information Exposure Through Discrepancy vulnerability in multiple products
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation.
network
low complexity
dell oracle CWE-203
6.5
2019-09-18 CVE-2019-3739 RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation.
network
low complexity
dell oracle
6.5