U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
There are 102 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2014-6577

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.

Published: January 21, 2015; 10:28:16 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2014-6567

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.

Published: January 21, 2015; 10:28:06 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6541

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

Published: January 21, 2015; 10:28:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.3 MEDIUM
CVE-2014-6514

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.

Published: January 21, 2015; 9:59:07 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6477

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.

Published: November 23, 2014; 2:59:00 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2014-6563

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538.

Published: October 15, 2014; 6:55:08 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6560

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.

Published: October 15, 2014; 6:55:08 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6547

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6477.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6546

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6545

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6544

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 3.6 LOW
CVE-2014-6542

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6538

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6537

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Published: October 15, 2014; 6:55:07 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 6.5 MEDIUM
CVE-2014-6467

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.

Published: October 15, 2014; 11:55:08 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6455

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Published: October 15, 2014; 11:55:07 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6454

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542.

Published: October 15, 2014; 11:55:07 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-6453

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.

Published: October 15, 2014; 11:55:07 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2014-6452

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542.

Published: October 15, 2014; 11:55:07 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2014-4310

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-6547, and CVE-2014-6477.

Published: October 15, 2014; 11:55:07 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM