The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle DB

computer vulnerability alert CVE-2017-15095 CVE-2017-17485

Jackson: code execution via Black List

Synthesis of the vulnerability

An attacker can use a vulnerability via Black List of Jackson, in order to run code.
Impacted products: Debian, Avamar, Fedora, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/11/2017.
Identifiers: 519493, cpuapr2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-15095, CVE-2017-17485, DSA-2018-048, DSA-4037-1, DSA-4114-1, FEDORA-2017-4a071ecbc7, FEDORA-2017-e16ed3f7a1, FEDORA-2018-bbf8c38b51, FEDORA-2018-e4b025841e, ibm10715641, ibm10738249, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:0576-01, RHSA-2018:0577-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, VIGILANCE-VUL-24456.

Description of the vulnerability

An attacker can use a vulnerability via Black List of Jackson, in order to run code.

vulnerability announce CVE-2017-10190 CVE-2017-10261 CVE-2017-10292

Oracle Database: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-370, cpuoct2017, CVE-2017-10190, CVE-2017-10261, CVE-2017-10292, CVE-2017-10321, VIGILANCE-VUL-24162.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

vulnerability bulletin CVE-2017-12617

Apache Tomcat: code execution via Read-write Default/WebDAV Servlet

Synthesis of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Impacted products: Tomcat, Debian, NetWorker, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpuapr2019, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.

Description of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.

computer vulnerability alert CVE-2017-10120 CVE-2017-10202

Oracle Database: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/07/2017.
Identifiers: CERTFR-2017-AVI-226, cpujul2017, CVE-2017-10120, CVE-2017-10202, VIGILANCE-VUL-23286.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

computer vulnerability note CVE-2017-3486 CVE-2017-3567

Oracle Database: vulnerabilities of April 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2017.
Identifiers: CERTFR-2017-AVI-118, cpuapr2017, CVE-2017-3486, CVE-2017-3567, VIGILANCE-VUL-22489.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

vulnerability CVE-2016-6814

Apache Groovy: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.
Impacted products: Debian, Fedora, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 23/01/2017.
Identifiers: cpuapr2018, cpujan2018, cpujan2019, cpuoct2017, CVE-2016-6814, DLA-794-1, FEDORA-2017-1ce2a05ff1, FEDORA-2017-33c8085c5d, FEDORA-2017-661dddc462, FEDORA-2017-cc0e0daf0f, RHSA-2017:0272-01, RHSA-2017:0868-01, RHSA-2017:2486-01, RHSA-2017:2596-01, VIGILANCE-VUL-21640.

Description of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.

vulnerability CVE-2017-3240 CVE-2017-3310

Oracle Database: vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Database.
Impacted products: Oracle DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/01/2017.
Identifiers: CERTFR-2017-AVI-020, cpujan2017, CVE-2017-3240, CVE-2017-3310, VIGILANCE-VUL-21600.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

An attacker can use a vulnerability of OJVM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3310]

An attacker can use a vulnerability via RDBMS Security, in order to obtain information. [severity:2/4; CVE-2017-3240]

computer vulnerability CVE-2016-8745

Apache Tomcat: information disclosure via sendfile

Synthesis of the vulnerability

An attacker can use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.
Impacted products: Tomcat, Debian, Fedora, Snap Creator Framework, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Creation date: 12/12/2016.
Revision date: 05/01/2017.
Identifiers: bulletinjan2017, cpuapr2018, cpuoct2017, CVE-2016-8745, DLA-779-1, DSA-3754-1, DSA-3755-1, FEDORA-2017-19c5440abe, FEDORA-2017-376ae2b92c, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2017:1292-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21355.

Description of the vulnerability

The Apache Tomcat product includes an HTTP server.

It may use the sendfile() function from the operating system to send the content of a file without reading it itself. However, an attacker can trigger an error in the response processing, in such a way that the client receives the response intended for another client, including response headers and notably the session identifier.

An attacker can therefore use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.

computer vulnerability CVE-2016-8735

Apache Tomcat: code execution via JmxRemoteLifecycleListener Deserialization

Synthesis of the vulnerability

An attacker can use a vulnerability via JmxRemoteLifecycleListener Deserialization of Apache Tomcat, in order to run code.
Impacted products: Tomcat, Debian, Fedora, Snap Creator Framework, openSUSE Leap, Oracle Communications, Oracle DB, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 22/11/2016.
Identifiers: 1999671, cpuapr2019, cpuoct2017, CVE-2016-8735, DLA-728-1, DLA-729-1, DSA-3738-1, DSA-3739-1, FEDORA-2016-98cca07999, FEDORA-2016-9c33466fbb, FEDORA-2016-a98c560116, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2016:3129-1, openSUSE-SU-2016:3144-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, SUSE-SU-2016:3079-1, SUSE-SU-2016:3081-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21175.

Description of the vulnerability

An attacker can use a vulnerability via JmxRemoteLifecycleListener Deserialization of Apache Tomcat, in order to run code.

vulnerability bulletin CVE-2016-6816

Apache Tomcat: information disclosure via HTTP Request Line

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via HTTP Request Line of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, Fedora, HPE NNMi, QRadar SIEM, Snap Creator Framework, openSUSE Leap, Oracle DB, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 22/11/2016.
Identifiers: 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999671, cpuoct2017, CVE-2016-6816, DLA-728-1, DLA-729-1, DSA-3738-1, DSA-3739-1, FEDORA-2016-98cca07999, FEDORA-2016-9c33466fbb, FEDORA-2016-a98c560116, K50116122, KM03302206, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2016:3129-1, openSUSE-SU-2016:3144-1, RHSA-2017:0244-01, RHSA-2017:0245-01, RHSA-2017:0246-01, RHSA-2017:0247-01, RHSA-2017:0250-01, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SOL50116122, SUSE-SU-2016:3079-1, SUSE-SU-2016:3081-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21173.

Description of the vulnerability

An attacker can bypass access restrictions to data via HTTP Request Line of Apache Tomcat, in order to obtain sensitive information.