SB2019071638 - Multiple vulnerabilities in Oracle Database Server 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019071638

SB2019071638 - Multiple vulnerabilities in Oracle Database Server

Published: July 16, 2019

Security Bulletin ID SB2019071638
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 88% Low 13%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2016-9572)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. A remote attacker can perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2019-2569)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core RDBMS in Oracle Database Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.


3) Improper input validation (CVE-ID: CVE-2019-2753)

The vulnerability allows a remote authenticated user to read memory contents or crash the application.

The vulnerability exists due to improper input validation within the Oracle Text in Oracle Database Server. A remote authenticated user can exploit this vulnerability to read memory contents or crash the application.


4) Improper input validation (CVE-ID: CVE-2019-2484)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Application Express in Oracle Database Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.


5) Improper input validation (CVE-ID: CVE-2019-2749)

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Java VM in Oracle Database Server. A remote authenticated user can exploit this vulnerability to damange or delete data.


6) Improper input validation (CVE-ID: CVE-2019-2799)

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Oracle ODBC Driver in Oracle Database Server. A remote authenticated user can exploit this vulnerability to execute arbitrary code.


7) Improper input validation (CVE-ID: CVE-2019-2776)

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core RDBMS in Oracle Database Server. A remote privileged user can exploit this vulnerability to read and manipulate data.


8) Out-of-bounds read (CVE-ID: CVE-2018-11058)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing ASN.1 data. A remote attacker can use a specially constructed ASN.1 data, trigger out-of-bounds read error and read contents of memory on the system.

This vulnerability affects the following versions of RSA BSAFE Crypto-C Micro Edition:

  • version prior to 4.0.5.3 (in 4.0.x)


Remediation

Install update from vendor's website.

References