Vulnerabilities > Oracle > Database > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2020-35164 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
network
high complexity
dell oracle
8.1
2022-06-01 CVE-2020-26185 Out-of-bounds Read vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
network
low complexity
dell oracle CWE-125
7.5
2021-03-01 CVE-2021-25329 The fix for CVE-2020-9484 was incomplete.
local
high complexity
apache debian oracle
7.0
2021-03-01 CVE-2021-25122 Information Exposure vulnerability in multiple products
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
network
low complexity
apache debian oracle CWE-200
7.5
2020-12-16 CVE-2020-5360 Out-of-bounds Read vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability.
network
low complexity
dell oracle CWE-125
7.5
2020-05-20 CVE-2020-9484 Deserialization of Untrusted Data vulnerability in multiple products
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
7.0
2019-04-23 CVE-2019-2619 Unspecified vulnerability in Oracle Database
Vulnerability in the Portable Clusterware component of Oracle Database Server.
local
low complexity
oracle
8.2
2019-01-16 CVE-2019-2444 Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C
Vulnerability in the Core RDBMS component of Oracle Database Server.
local
low complexity
oracle
8.2
2019-01-16 CVE-2019-2406 Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C
Vulnerability in the Core RDBMS component of Oracle Database Server.
network
low complexity
oracle
7.2
2017-10-19 CVE-2017-10321 Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1
Vulnerability in the Core RDBMS component of Oracle Database Server.
local
low complexity
oracle
8.8