Oracle Database Server vulnerabilities
502 known vulnerabilities affecting oracle/database_server.
Total CVEs: 502
CISA KEV: 0
Public exploits: 25
Exploited in wild: 0
Severity breakdown: CRITICAL 112, HIGH 71, MEDIUM 250, LOW 69
Vulnerabilities
Page 5 of 26
CVE-2018-3110 | CRITICAL | CVSS 9.9 | v11.2.0.4, v12.1.0.2, +2 more | 2018-08-10
A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attac
nvd
CVE-2018-2939 | HIGH | CVSS 8.4 | v11.2.0.4, v12.1.0.2, +3 more | 2018-07-18
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. While the vulnerability is in
nvd
CVE-2018-3004 | MEDIUM | CVSS 5.3 | v11.2.0.4, v12.1.0.2, +2 more | 2018-07-18
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnera
nvd
CVE-2018-10237 | MEDIUM | CVSS 5.9 | CWE-770 | v12.2.0.1, v18c, +1 more | 2018-04-26
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with
nvd
CVE-2018-2841 | HIGH | CVSS 8.5 | v11.2.0.4, v12.1.0.2, +2 more | 2018-04-19
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, at
nvd
CVE-2017-15095 | CRITICAL | CVSS 9.8 | CWE-184 | v12.2.0.1, v18.1 | 2018-02-06
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be us
nvd
CVE-2017-10282 | CRITICAL | CVSS 9.1 | v12.1.0.2, v12.2.0.1 | 2018-01-18
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, at
nvd
CVE-2018-2680 | HIGH | CVSS 8.3 | v11.2.0.4, v12.1.0.2, +1 more | 2018-01-18
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and whi
nvd
CVE-2018-2575 | LOW | CVSS 2.0 | v11.2.0.4, v12.2.0.1 | 2018-01-18
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise Core RDBMS. Successful attacks require human interaction from a per
nvd
CVE-2017-10120 | LOW | CVSS 1.9 | v12.1.0.2 | 2017-08-08
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of t
nvd
CVE-2016-9841 | CRITICAL | CVSS 9.8 | v18c | 2017-05-23
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843 | CRITICAL | CVSS 9.8 | v18c | 2017-05-23
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842 | HIGH | CVSS 8.8 | CWE-1335 | v18c | 2017-05-23
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-9840 | HIGH | CVSS 8.8 | v18c | 2017-05-23
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2017-3240 | LOW | CVSS 3.3 | CWE-200 | v12.1.0.2 | 2017-01-27
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can r
nvd
CVE-2016-5555 | CRITICAL | CVSS 9.1 | v11.2.0.4, v12.1.0.2 | 2016-10-25
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2016-5516 | MEDIUM | CVSS 6.0 | v12.1.0.2 | 2016-10-25
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.
nvd
CVE-2016-5505 | MEDIUM | CVSS 5.5 | CWE-200 | v11.2.0.4, v12.1.0.2 | 2016-10-25
Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.
nvd
CVE-2016-5498 | LOW | CVSS 3.3 | CWE-200 | v11.2.0.4, v12.1.0.2 | 2016-10-25
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.
nvd
CVE-2016-5499 | LOW | CVSS 3.3 | v11.2.0.4, v12.1.0.2 | 2016-10-25
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.
nvd