Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 1999-08-16 |
| Product | Database Server | Last view | 2023-10-17 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2023-10-17 | CVE-2023-22096 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). |
| 4.9 | 2023-10-17 | CVE-2023-22077 | Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 2.4 | 2023-10-17 | CVE-2023-22075 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). |
| 2.4 | 2023-10-17 | CVE-2023-22074 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). |
| 4.3 | 2023-10-17 | CVE-2023-22073 | Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
| 5.9 | 2023-10-17 | CVE-2023-22071 | Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). |
| 3.1 | 2023-07-18 | CVE-2023-22052 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). |
| 4.9 | 2023-07-18 | CVE-2023-22034 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). |
| 3.7 | 2023-07-18 | CVE-2023-21949 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Advanced Networking Option accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
| 7.5 | 2023-01-18 | CVE-2023-21893 | Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). |
| 6.1 | 2022-10-18 | CVE-2022-21606 | Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Services for Microsoft Transaction Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Services for Microsoft Transaction Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Services for Microsoft Transaction Server accessible data as well as unauthorized read access to a subset of Oracle Services for Microsoft Transaction Server accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
| 4.3 | 2022-01-19 | CVE-2022-21393 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). |
| 2.7 | 2022-01-19 | CVE-2022-21247 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). |
| 2.7 | 2021-10-20 | CVE-2021-35576 | Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
| 6.7 | 2021-10-20 | CVE-2021-2332 | Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle LogMiner accessible data as well as unauthorized read access to a subset of Oracle LogMiner accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle LogMiner. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H). |
| 5.3 | 2021-04-22 | CVE-2021-2234 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N). |
| 2.7 | 2021-04-22 | CVE-2021-2175 | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). |
| 4.1 | 2021-04-22 | CVE-2021-2173 | Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). |
| 2.4 | 2021-01-20 | CVE-2021-2000 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N). |
| 4.8 | 2021-01-20 | CVE-2021-1993 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N). |
| 6.6 | 2020-07-15 | CVE-2020-2969 | Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). |
| 8 | 2020-07-15 | CVE-2020-2968 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H). |
| 6.4 | 2020-04-15 | CVE-2020-2737 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). |
| 8 | 2020-04-15 | CVE-2020-2735 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H). |
| 2.4 | 2020-04-15 | CVE-2020-2734 | Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS/Optimizer accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (10) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 15% (7) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 13% (6) | CWE-200 | Information Exposure |
| 11% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
| 8% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 6% (3) | CWE-502 | Deserialization of Untrusted Data |
| 6% (3) | CWE-20 | Improper Input Validation |
| 2% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 2% (1) | CWE-476 | NULL Pointer Dereference |
| 2% (1) | CWE-399 | Resource Management Errors |
| 2% (1) | CWE-310 | Cryptographic Issues |
| 2% (1) | CWE-287 | Improper Authentication |
| 2% (1) | CWE-255 | Credentials Management |
| 2% (1) | CWE-131 | Incorrect Calculation of Buffer Size |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-100 | Overflow Buffers |
| CAPEC-123 | Buffer Attacks |
| CAPEC-198 | Cross-Site Scripting in Error Pages |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7450 | HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrar... |
| oval:org.mitre.oval:def:7198 | VMware ESX,Service Console update for krb5. |
| oval:org.mitre.oval:def:21548 | RHSA-2010:0423: krb5 security update (Important) |
| oval:org.mitre.oval:def:20380 | VMware third party component updates for VMware vCenter Server, vCenter Updat... |
| oval:org.mitre.oval:def:13432 | USN-940-1 -- krb5 vulnerabilities |
| oval:org.mitre.oval:def:13416 | USN-940-2 -- krb5 vulnerability |
| oval:org.mitre.oval:def:13225 | DSA-2052-1 krb5 -- null pointer dereference |
| oval:org.mitre.oval:def:11908 | DSA-2052 krb5 -- null pointer dereference |
| oval:org.mitre.oval:def:11604 | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API libra... |
| oval:org.mitre.oval:def:23034 | ELSA-2010:0423: krb5 security update (Important) |
| oval:org.mitre.oval:def:22047 | The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.... |
| oval:org.mitre.oval:def:17022 | Unspecified vulnerability in the Spatial component in Oracle Database Server ... |
| oval:org.mitre.oval:def:22615 | Unspecified vulnerability in the Workload Manager component in Oracle Databas... |
| oval:org.mitre.oval:def:22649 | Unspecified vulnerability in the Network Layer component in Oracle Database S... |
| oval:org.mitre.oval:def:22627 | Unspecified vulnerability in the Network Layer component in Oracle Database S... |
| oval:org.mitre.oval:def:22411 | Unspecified vulnerability in the XML Parser component in Oracle Database Serv... |
| oval:org.mitre.oval:def:22537 | Unspecified vulnerability in the Oracle executable component in Oracle Databa... |
| oval:org.mitre.oval:def:22621 | Unspecified vulnerability in the Oracle executable component in Oracle Databa... |
| oval:org.mitre.oval:def:22180 | Unspecified vulnerability in the Network Layer component in Oracle Database S... |
| oval:org.mitre.oval:def:22491 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Serv... |
| oval:org.mitre.oval:def:22303 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Serv... |
| oval:org.mitre.oval:def:18671 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Serv... |
| oval:org.mitre.oval:def:19209 | Unspecified vulnerability in the XML Parser component in Oracle Database Serv... |
| oval:org.mitre.oval:def:22646 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Serv... |
| oval:org.mitre.oval:def:22427 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Serv... |
SAINT Exploits
| Description | Link |
|---|---|
| Oracle Warehouse Builder SQL Injection | More info here |
| Oracle XDB component PITRIG_TRUNCATE buffer overflow | More info here |
| Oracle 9i Release 2 XDB FTP Pass Overflow | More info here |
| Oracle 9i Release 2 XDB HTTP Pass Overflow | More info here |
| Oracle XDB component PITRIG_DROPMETADATA buffer overflow | More info here |
| Oracle Security Component sys.pbsde buffer overflow | More info here |
| Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow | More info here |
| Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78419 | Oracle Database Listener Component Unspecified Remote DoS |
| 78418 | Oracle Database Core RDBMS Component SCN Value Handling Remote Memory Corruption |
| 76520 | Oracle Database Oracle Text Component TABLEFUNC_ASOWN Function Remote Overflow |
| 76519 | Oracle Database Vault SYSDBA CIPasswordChange API Password Manipulation |
| 76518 | Oracle Database Vault DV_ACCTMGR CIPasswordChange API Password Manipulation |
| 76517 | Oracle Database Core RDBMS Spacial Indexes SQL Injection |
| 76516 | Oracle Database Application Express Component Unspecified Remote Code Execution |
| 75692 | Oracle Multiple Products Application Service Level Management /em/console/tar... |
| 73954 | Oracle Database Core RDBMS Unspecified Local Information Disclosure |
| 73953 | Oracle Database Oracle Universal Installer Unspecified Local Information Disc... |
| 73952 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-2243) |
| 73951 | Oracle Database Vault Unspecified Remote Issue |
| 73950 | Oracle Database XML Developer Kit Unspecified Remote DoS |
| 73949 | Oracle Database Core RDBMS Unspecified Remote DoS |
| 73948 | Oracle Database XML Developer Kit Unspecified Remote Issue |
| 73947 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-0832) |
| 73946 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-0838) |
| 73945 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-0880) |
| 73944 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-0835) |
| 73943 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-2253) |
| 73942 | Oracle Database Core RDBMS Unspecified Remote Issue (2011-2239) |
| 73941 | Oracle Enterprise Manager Grid Control Instance Management Unspecified Remote... |
| 73940 | Oracle Enterprise Manager Grid Control Instance Management Unspecified Remote... |
| 73939 | Oracle Enterprise Manager Grid Control Event Management Unspecified Remote Issue |
| 73938 | Oracle Enterprise Manager Grid Control Enterprise Manager Console Unspecified... |
ExploitDB Exploits
| id | Description |
|---|---|
| 33506 | Oracle Database CVE-2010-0071 Remote Listener Memory Corruption Vulnerability |
| 33081 | Oracle 9i/10g Database CVE-2009-1019 Remote Network Authentication Vulnerability |
| 30295 | Oracle Database SQL Compiler Views Unauthorized Manipulation |
| 18093 | Oracle XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure Exploit |
| 17393 | Oracle HTTP Server XSS Header Injection |
| 10080 | Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow Vulnerability |
| 9905 | Oracle Database 10.1.0.5 - 10.2.0.4 AUTH_SESSKEY length validation exploit |
| 4203 | Oracle 9i/10g Evil Views - Change Passwords Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
| 2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
| 2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5) File : nvt/glsa_201201_13.nasl |
| 2011-12-08 | Name : Oracle Database Server Multiple Unspecified Vulnerabilities - April 06 File : nvt/gb_oracle_database_server_mult_vuln_apr06.nasl |
| 2011-12-08 | Name : Oracle Database Server 'RDBMS' component Denial of Service Vulnerability File : nvt/gb_oracle_database_server_rdbms_dos_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulner... File : nvt/gb_oracle_database_server_mdsys_md_bof_n_dos_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server and Application Server Ultra Search Component Unspecif... File : nvt/gb_oracle_database_n_appln_server_ultra_serach_comp_unspecified_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server Multiple Components Multiple Vulnerabilities File : nvt/gb_oracle_database_server_mult_comp_mult_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server Multiple Vulnerabilities - July 06 File : nvt/gb_oracle_database_server_mult_vuln_july06.nasl |
| 2011-12-07 | Name : Oracle Database Server and Application Server Multiple Unspecified Vulnerabil... File : nvt/gb_oracle_database_n_appln_server_mult_unspecified_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08 File : nvt/gb_oracle_database_mult_unspecified_vuln_jan08.nasl |
| 2011-12-07 | Name : Oracle Database Server Multiple Unspecified Vulnerabilities File : nvt/gb_oracle_database_mult_unspecified_vuln.nasl |
| 2011-12-07 | Name : Oracle Application Server Unspecified Vulnerability File : nvt/gb_oracle_appln_server_unspecified_vuln.nasl |
| 2011-12-07 | Name : Oracle Database Server Multiple Vulnerabilities - Oct 06 File : nvt/gb_oracle_database_server_mult_vuln_oct06.nasl |
| 2011-12-01 | Name : Oracle Database Server Upgrade and Downgrade Component Multiple Vulnerabilities File : nvt/gb_oracle_database_server_upgrade_n_downgrade_comp_mult_vuln.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
| 2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
| 2011-07-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8028 File : nvt/gb_fedora_2011_8028_java-1.6.0-openjdk_fc15.nasl |
| 2011-06-24 | Name : Ubuntu Update for openjdk-6 USN-1154-1 File : nvt/gb_ubuntu_USN_1154_1.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0153 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0061079 |
| 2014-A-0102 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0053197 |
| 2014-A-0054 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0049587 |
| 2014-A-0007 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0043400 |
| 2013-A-0196 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0040787 |
| 2011-A-0160 | Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity: Category I - VMSKEY: V0030769 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | sdo_cs.transform_layer buffer overflow attempt RuleID : 8541 - Type : SERVER-ORACLE - Revision : 9 |
| 2014-01-10 | SYS.KUPW-WORKER sql injection attempt RuleID : 8059 - Type : SERVER-ORACLE - Revision : 9 |
| 2014-01-10 | DBMS_EXPORT_EXTENSION.GET_V2_DOMAIN_INDEX_TABLES access attempt RuleID : 7421 - Type : SERVER-ORACLE - Revision : 4 |
| 2014-01-10 | DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt RuleID : 7208 - Type : SERVER-ORACLE - Revision : 4 |
| 2014-01-10 | DBMS_EXPORT_EXTENSION SQL injection attempt RuleID : 7207 - Type : SERVER-ORACLE - Revision : 4 |
| 2014-01-10 | sys.pbsde.init buffer overflow attempt RuleID : 4642 - Type : SERVER-ORACLE - Revision : 8 |
| 2018-02-03 | Apache SSI error page cross-site scripting attempt RuleID : 45307 - Type : SERVER-APACHE - Revision : 2 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45016 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45015 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45014 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45013 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45012 - Type : FILE-OTHER - Revision : 4 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45011 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45010 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45009 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45008 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45007 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45006 - Type : FILE-OTHER - Revision : 4 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45005 - Type : FILE-OTHER - Revision : 4 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45004 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45003 - Type : FILE-OTHER - Revision : 3 |
| 2017-12-29 | Jackson databind deserialization remote code execution attempt RuleID : 45002 - Type : FILE-OTHER - Revision : 3 |
| 2017-08-15 | Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt RuleID : 43581 - Type : SERVER-OTHER - Revision : 4 |
| 2014-01-10 | ftp user name buffer overflow attempt RuleID : 3631 - Type : SERVER-ORACLE - Revision : 10 |
| 2014-01-10 | ftp TEST command buffer overflow attempt RuleID : 3630 - Type : SERVER-ORACLE - Revision : 9 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-54a5bcc7e4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bf292e6cdf.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
| 2018-11-06 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO |
| 2018-10-22 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ec5072b0d43a11e8a6d2b499baebfeaf.nasl - Type: ACT_GATHER_INFO |
| 2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_5_62.nasl - Type: ACT_GATHER_INFO |
| 2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_42.nasl - Type: ACT_GATHER_INFO |
| 2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_24.nasl - Type: ACT_GATHER_INFO |
| 2018-10-19 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_13.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO |
| 2018-05-21 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e4c2507720.nasl - Type: ACT_GATHER_INFO |
| 2018-05-15 | Name: The remote Fedora host is missing a security update. File: fedora_2018-db8f322bb0.nasl - Type: ACT_GATHER_INFO |
| 2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-4a071ecbc7.nasl - Type: ACT_GATHER_INFO |
| 2017-12-15 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3453.nasl - Type: ACT_GATHER_INFO |
| 2017-11-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4037.nasl - Type: ACT_GATHER_INFO |
| 2017-11-16 | Name: The remote Fedora host is missing a security update. File: fedora_2017-e16ed3f7a1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-14 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3189.nasl - Type: ACT_GATHER_INFO |
| 2017-11-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1269.nasl - Type: ACT_GATHER_INFO |
| 2017-11-13 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2989-1.nasl - Type: ACT_GATHER_INFO |
