Page 20 of 183 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-3567

https://notcve.org/view.php?id=CVE-2017-3567

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of OJVM. CVSS 3.0 Base Score 5.3 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97873 http://www.securitytracker.com/id/1038284 •

CVSS: 7.5EPSS: 52%CPEs: 87EXPL: 1

CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

https://notcve.org/view.php?id=CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes. A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. • https://github.com/cujanovic/CVE-2016-8610-PoC http://rhn.redhat.com/errata/RHSA-2017-0286.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://seclists.org/oss-sec/2016/q4/224 http://www.securityfocus.com/bid/93841 http://www.securitytracker.com/id/1037084 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-3310

https://notcve.org/view.php?id=CVE-2017-3310

Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95481 http://www.securitytracker.com/id/1037630 •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-3240

https://notcve.org/view.php?id=CVE-2017-3240

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95477 http://www.securitytracker.com/id/1037630 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-3562

https://notcve.org/view.php?id=CVE-2016-3562

Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. Vulnerabilidad no especificada en los componentes RDBMS Security y SQL*Plus en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a administradores remotos afectar la confidencialidad a través de vectores relacionados con DBA. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93640 http://www.securitytracker.com/id/1037035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •