
Computer vulnerabilities of Oracle DB

vulnerability bulletin CVE-2018-7489

jackson-databind: code execution via Deserializing

Synthesis of the vulnerability

An attacker can exploit a deserialization vulnerability in jackson-databind in order to run code.
Impacted products: Debian, Avamar, NetWorker, Unisphere EMC, Oracle Communications, Oracle DB, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Puppet, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 04/05/2018.
Identifiers: 5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043.

Description of the vulnerability

An attacker can exploit a deserialization vulnerability in jackson-databind in order to run code.

computer vulnerability CVE-2018-2832 CVE-2018-2841

Oracle Database: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Oracle DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2018.
Identifiers: CERTFR-2018-AVI-187, cpuapr2018, CVE-2018-2832, CVE-2018-2841, VIGILANCE-VUL-25895.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.

computer vulnerability note CVE-2017-10282 CVE-2018-2575 CVE-2018-2680

Oracle Database: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Oracle DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 17/01/2018.
Identifiers: CERTFR-2018-AVI-035, cpujan2018, CVE-2017-10282, CVE-2018-2575, CVE-2018-2680, CVE-2018-2699, VIGILANCE-VUL-25079.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.

computer vulnerability alert CVE-2017-15095 CVE-2017-17485

Jackson: code execution via Black List

Synthesis of the vulnerability

An attacker can use a vulnerability related to the Black List of Jackson in order to run code.
Impacted products: Debian, Avamar, Fedora, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/11/2017.
Identifiers: 5048, 519493, cpuapr2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-15095, CVE-2017-17485, DSA-2018-048, DSA-4037-1, DSA-4114-1, FEDORA-2017-4a071ecbc7, FEDORA-2017-e16ed3f7a1, FEDORA-2018-bbf8c38b51, FEDORA-2018-e4b025841e, ibm10715641, ibm10738249, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:0576-01, RHSA-2018:0577-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, VIGILANCE-VUL-24456.

Description of the vulnerability

An attacker can use a vulnerability related to the Black List of Jackson in order to run code.

vulnerability announce CVE-2017-10190 CVE-2017-10261 CVE-2017-10292

Oracle Database: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-370, cpuoct2017, CVE-2017-10190, CVE-2017-10261, CVE-2017-10292, CVE-2017-10321, VIGILANCE-VUL-24162.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

vulnerability bulletin CVE-2017-12617

Apache Tomcat: code execution via Read-write Default/WebDAV Servlet

Synthesis of the vulnerability

An attacker can use a vulnerability via the read-write Default/WebDAV Servlet of Apache Tomcat in order to run code.
Impacted products: Tomcat, Debian, NetWorker, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpuapr2019, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.

Description of the vulnerability

An attacker can use a vulnerability via the read-write Default/WebDAV Servlet of Apache Tomcat in order to run code.

computer vulnerability alert CVE-2017-10120 CVE-2017-10202

Oracle Database: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/07/2017.
Identifiers: CERTFR-2017-AVI-226, cpujul2017, CVE-2017-10120, CVE-2017-10202, VIGILANCE-VUL-23286.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

computer vulnerability note CVE-2017-3486 CVE-2017-3567

Oracle Database: vulnerabilities of April 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2017.
Identifiers: CERTFR-2017-AVI-118, cpuapr2017, CVE-2017-3486, CVE-2017-3567, VIGILANCE-VUL-22489.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

vulnerability CVE-2016-6814

Apache Groovy: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.
Impacted products: Debian, Fedora, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 23/01/2017.
Identifiers: cpuapr2018, cpujan2018, cpujan2019, cpujul2019, cpuoct2017, CVE-2016-6814, DLA-794-1, FEDORA-2017-1ce2a05ff1, FEDORA-2017-33c8085c5d, FEDORA-2017-661dddc462, FEDORA-2017-cc0e0daf0f, RHSA-2017:0272-01, RHSA-2017:0868-01, RHSA-2017:2486-01, RHSA-2017:2596-01, VIGILANCE-VUL-21640.

Description of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.

vulnerability CVE-2017-3240 CVE-2017-3310

Oracle Database: vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Database.
Impacted products: Oracle DB.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/01/2017.
Identifiers: CERTFR-2017-AVI-020, cpujan2017, CVE-2017-3240, CVE-2017-3310, VIGILANCE-VUL-21600.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

An attacker can use a vulnerability of OJVM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3310]

An attacker can use a vulnerability via RDBMS Security, in order to obtain information. [severity:2/4; CVE-2017-3240]