) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-2183 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Published: August 31, 2016; 8:59:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-3609 |
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Published: July 21, 2016; 6:14:42 AM -0400 |
V3.0: 9.0 CRITICAL V2.0: 8.5 HIGH |
| CVE-2016-3489 |
Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. Published: July 21, 2016; 6:12:43 AM -0400 |
V3.0: 6.7 MEDIUM V2.0: 7.2 HIGH |
| CVE-2016-3488 |
Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors. Published: July 21, 2016; 6:12:42 AM -0400 |
V3.0: 4.4 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2016-3484 |
Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors. Published: July 21, 2016; 6:12:38 AM -0400 |
V3.0: 3.4 LOW V2.0: 3.2 LOW |
| CVE-2016-3479 |
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. Published: July 21, 2016; 6:12:32 AM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
| CVE-2016-3454 |
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Published: April 21, 2016; 7:00:35 AM -0400 |
V3.0: 9.0 CRITICAL V2.0: 7.6 HIGH |
| CVE-2016-0691 |
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690. Published: April 21, 2016; 6:59:51 AM -0400 |
V3.0: 3.3 LOW V2.0: 4.0 MEDIUM |
| CVE-2016-0690 |
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0691. Published: April 21, 2016; 6:59:50 AM -0400 |
V3.0: 3.3 LOW V2.0: 4.0 MEDIUM |
| CVE-2016-0677 |
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. Published: April 21, 2016; 6:59:39 AM -0400 |
V3.0: 5.9 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Published: October 14, 2014; 8:55:02 PM -0400 |
V3.1: 3.4 LOW V2.0: 4.3 MEDIUM |