CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-2017-10282
https://notcve.org/view.php?id=CVE-2017-10282
18 Jan 2018 — Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10120
https://notcve.org/view.php?id=CVE-2017-10120
08 Aug 2017 — Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 1.9 (Inte... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 7.5EPSS: 70%CPEs: 87EXPL: 1CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3240
https://notcve.org/view.php?id=CVE-2017-3240
27 Jan 2017 — Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3562
https://notcve.org/view.php?id=CVE-2016-3562
25 Oct 2016 — Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. Vulnerabilidad no especificada en los componentes RDBMS Security y SQL*Plus en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a administradores remotos afectar la confidencialidad a través de vectores relacionados con DBA. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5499
https://notcve.org/view.php?id=CVE-2016-5499
25 Oct 2016 — Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-5498. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5498
https://notcve.org/view.php?id=CVE-2016-5498
25 Oct 2016 — Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499. Vulnerabilidad no especificada en el componente RDBMS Security en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-5499. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5555
https://notcve.org/view.php?id=CVE-2016-5555
25 Oct 2016 — Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a administradores remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5516
https://notcve.org/view.php?id=CVE-2016-5516
25 Oct 2016 — Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Kernel PDB en Oracle Database Server 12.1.0.2 permite a usuarios locales afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5505
https://notcve.org/view.php?id=CVE-2016-5505
25 Oct 2016 — Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Programmable Interface en Oracle Database Server 11.2.0.4 y 12.1.0.2 permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •