Oracle Database Server vulnerabilities

CVE-2020-2735 [HIGH] CVE-2020-2735: Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a perso

CVE-2020-2737 [MEDIUM] CVE-2020-2737: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks require

CVE-2020-2734 [LOW] CVE-2020-2734: Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that ar Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction

CVE-2020-1953 [CRITICAL] CVE-2020-1953: Apache Commons Configuration uses a third-party library to parse YAML files which by default allows Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore l

CVE-2020-2510 [HIGH] CVE-2020-2510: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker.

CVE-2020-2511 [HIGH] CVE-2020-2511: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significan

CVE-2020-2518 [HIGH] CVE-2020-2518: Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can resu

CVE-2020-2527 [MEDIUM] CVE-2020-2527: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks

CVE-2020-2515 [MEDIUM] CVE-2020-2515: Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versio Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks o

CVE-2020-2512 [MEDIUM] CVE-2020-2512: Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versio Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result

CVE-2020-2731 [LOW] CVE-2020-2731: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interactio

CVE-2020-2517 [LOW] CVE-2020-2517: Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versio Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODB

CVE-2020-2516 [LOW] CVE-2020-2516: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interac

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE-2019-2913 [MEDIUM] CVE-2019-2913: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impa

CVE-2019-2939 [MEDIUM] CVE-2019-2939: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impa

CVE-2019-2909 [MEDIUM] CVE-2019-2909: Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additi

CVE-2018-2875 [MEDIUM] CVE-2018-2875: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impa

CVE-2019-2734 [MEDIUM] CVE-2019-2734: Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks of this vulnerability can re

CVE-2019-2956 [MEDIUM] CVE-2019-2956: Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported ve Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Core RDBMS (jackson-databind). Successful atta