Oracle Common Vulnerabilities & Exposures
Versions 19.3

Security Advisory
The following is a listing of currently active CVEs for Oracle 19c.

It should be disturbing to everyone reviewing this list that it is so small compared to the many vulnerabilities presented on this site.

The following color coding is used below to help you identify those that are the easiest for an attacker to exploit.
Easy to Exploit
Difficult to Exploit
 
Name Description
CVE-2020-2731 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where the Core RDBMS executes to compromise the Core RDBMS.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of the Core RDBMS.

See January 2020 CPU Advisory
CVE-2020-2569 Vulnerability in the Oracle Applications DBA component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA.

See January 2020 CPU Advisory
CVE-2020-2568 Vulnerability in the Oracle Applications DBA component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA.

See January 2020 CPU Advisory
CVE-2020-2527 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data.

See January 2020 CPU Advisory
CVE-2020-2518 Vulnerability in the Java VM component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM.

Successful attacks of this vulnerability can result in takeover of Java VM.

See January 2020 CPU Advisory
CVE-2020-2517 Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via Database Net Services to compromise Database Gateway for ODBC.

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC.

See January 2020 CPU Advisory
CVE-2020-2516 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via Database Net Services to compromise the Core RDBMS.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.

See January 2020 CPU Advisory
CVE-2020-2515 Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Database Net Services to compromise Database Gateway for ODBC.

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC.

See January 2020 CPU Advisory
CVE-2020-2512 Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via Database Net Services to compromise Database Gateway for ODBC.

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC.

See January 2020 CPU Advisory
CVE-2020-2511 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the Core RDBMS.

See January 2020 CPU Advisory
CVE-2020-2510 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via Database Net Services to compromise the Core RDBMS.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of the Core RDBMS.

See January 2020 CPU Advisory
CVE-2019-2956 Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise the Core RDBMS (jackson-databind).

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the Core RDBMS (jackson-databind).

See October 2019 CPU Advisory
CVE-2019-2955 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where the Core RDBMS executes to compromise the Core RDBMS. Successful attacks require human interaction from a person other than the attacker.

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of the Core RDBMS.

See October 2019 CPU Advisory
CVE-2019-2954 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where the Core RDBMS executes to compromise the Core RDBMS.

Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of the Core RDBMS.

See October 2019 CPU Advisory
CVE-2019-2939 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data.

See October 2019 CPU Advisory
CVE-2019-2913 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data.

See October 2019 CPU Advisory
CVE-2019-2909 Vulnerability in the Java VM component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data.

See October 2019 CPU Advisory
CVE-2019-2776 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.1.0.2, 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows high privileged attacker having Create Any Index privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Core RDBMS accessible data as well as unauthorized update, insert or delete access to some Core RDBMS accessible data.

See July 2019 CPU Advisory
CVE-2019-2749 Vulnerability in the Java VM component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM.

Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java VM.
CVE-2019-2734 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege with network access via Database Net Services to compromise the Core RDBMS.

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some Core RDBMS accessible data.
CVE-2019-2518 Vulnerability in the Java VM component of Oracle Database Server.
Impacted versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c.

Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM.

Successful attacks of this vulnerability can result in takeover of Java VM.
CVE-2018-2875 Vulnerability in the Core RDBMS component of Oracle Database Server.
Impacted versions: 12.2.0.1, 18c, 19c.

Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Database Net Services to compromise the Core RDBMS. While the vulnerability is in the Core RDBMS, attacks may significantly impact additional products.

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data.
