Vulnerabilities > Oracle > Database > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-20 | CVE-2020-9484 | Deserialization of Untrusted Data vulnerability in multiple products. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. | 7.0 |
2019-04-23 | CVE-2019-2619 | Unspecified vulnerability in Oracle Database. Vulnerability in the Portable Clusterware component of Oracle Database Server. | 8.2 |
2019-01-16 | CVE-2019-2444 | Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C. Vulnerability in the Core RDBMS component of Oracle Database Server. | 8.2 |
2019-01-16 | CVE-2019-2406 | Unspecified vulnerability in Oracle Database 12.1.0.2/12.2.0.1/18C. Vulnerability in the Core RDBMS component of Oracle Database Server. | 7.2 |
2017-10-19 | CVE-2017-10321 | Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1. Vulnerability in the Core RDBMS component of Oracle Database Server. | 8.8 |
2017-10-19 | CVE-2017-10190 | Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2/12.2.0.1. Vulnerability in the Java VM component of Oracle Database Server. | 8.2 |
2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products. The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |
2016-07-21 | CVE-2016-3479 | Unspecified vulnerability in Oracle Database 11.2.0.4/12.1.0.2. Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | 7.5 |