Oracle TimesTen In-Memory Database vulnerabilities

27 known vulnerabilities affecting oracle/timesten_in-memory_database.

Total CVEs: 27
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 12

Vulnerabilities

Page 2 of 2
CVE-2018-1288 | MEDIUM | CVSS 5.4 | fixed in 18.1.2.1.0 | 2018-07-26
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
nvd
CVE-2016-8610 | HIGH | CVSS 7.5 | CWE-400 | fixed in 18.1.4.1.0 | 2017-11-13
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
nvd
CVE-2017-5645 | CRITICAL | CVSS 9.8 | CWE-502 | PoC | v11.2.2.8.49 | 2017-04-17
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
nvd
CVE-2016-2381 | HIGH | CVSS 7.5 | CWE-20 | fixed in 18.1.2.1.0 | 2016-04-08
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
nvd
CVE-2010-0873 | CRITICAL | CVSS 10.0 | v7.0.6.0 | 2010-07-13
Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2010-0910 | MEDIUM | CVSS 5.0 | v7.0.6.0, v11.2.1.4.1 | 2010-07-13
Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2008-5440 | HIGH | CVSS 7.5 | v7.0.5.0.0 | 2009-01-14
Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability vi
nvd