Oracle Secure Backup vulnerabilities

CVE-2025-21578 [MEDIUM] CWE-732 CVE-2025-21578: Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected ar Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attack

CVE-2021-42013 [CRITICAL] CVE-2021-42013: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attac It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succe

CVE-2021-3712 [HIGH] CWE-125 CVE-2021-3712: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that

CVE-2021-33193 [HIGH] CVE-2021-33193: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

CVE-2021-26691 [CRITICAL] CWE-122 CVE-2021-26691: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin s In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

CVE-2021-3450 [HIGH] CWE-295 CVE-2021-3450: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation

CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE-2015-1351 [HIGH] CWE-416 CVE-2015-1351: Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcac Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-2261 [CRITICAL] CVE-2011-2261: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 all Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.

CVE-2011-2252 [MEDIUM] CVE-2011-2252: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 all Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261.

CVE-2011-2251 [MEDIUM] CVE-2011-2251: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 all Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors.

CVE-2010-3596 [MEDIUM] CVE-2010-3596: Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote at Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors.

CVE-2010-0899 [CRITICAL] CVE-2010-0899: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affe Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906.

CVE-2010-0898 [CRITICAL] CVE-2010-0898: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confide Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2010-0907 [CRITICAL] CVE-2010-0907: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confide Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906.

CVE-2010-0906 [CRITICAL] CVE-2010-0906: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affe Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2010-0904 [MEDIUM] CVE-2010-0904: Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integri Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.

CVE-2010-0072 [CRITICAL] CVE-2010-0072: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflo

CVE-2009-1977 [CRITICAL] CVE-2009-1977: Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerabili