Filtered by vendor Oracle
Subscribe
Total
10081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2519 | 1 Oracle | 1 Weblogic Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-2518 | 1 Oracle | 1 Database Server | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-2517 | 1 Oracle | 1 Database Server | 2024-11-21 | 4.9 MEDIUM | 3.3 LOW |
| Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L). | |||||
| CVE-2020-2516 | 1 Oracle | 1 Database Server | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2020-2515 | 1 Oracle | 1 Database Server | 2024-11-21 | 6.0 MEDIUM | 5.0 MEDIUM |
| Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2020-2514 | 1 Oracle | 1 Application Express | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Express. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
| CVE-2020-2513 | 1 Oracle | 1 Application Express | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-2512 | 1 Oracle | 1 Database Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-2511 | 1 Oracle | 1 Database Server | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2020-2510 | 1 Oracle | 1 Database Server | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-29661 | 6 Broadcom, Debian, Fedoraproject and 3 more | 18 Fabric Operating System, Debian Linux, Fedora and 15 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |||||
| CVE-2020-29651 | 3 Fedoraproject, Oracle, Pytest | 3 Fedora, Zfs Storage Appliance Kit, Py | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | |||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | |||||
| CVE-2020-29508 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. | |||||
| CVE-2020-29507 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. | |||||
| CVE-2020-29506 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 6.8 MEDIUM |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | |||||
| CVE-2020-29505 | 2 Dell, Oracle | 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Retail Customer Insights | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. | |||||
| CVE-2020-29363 | 3 Debian, Oracle, P11-kit Project | 3 Debian Linux, Communications Cloud Native Core Policy, P11-kit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | |||||
| CVE-2020-28928 | 4 Debian, Fedoraproject, Musl-libc and 1 more | 4 Debian Linux, Fedora, Musl and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | |||||
| CVE-2020-28895 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | |||||