CVE-2015-0468 (GCVE-0-2015-0468)
Vulnerability from cvelistv5 – Published: 2015-07-16 10:00 – Updated: 2024-08-06 04:10
VLAI
EPSS
Summary
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Severity
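No CVSS data available in the CNA record; the NVD data embedded further down this page gives a CVSS 2.0 base score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P).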
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032903 | vdb-entry, x_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html | vendor-advisory, x_refsource_SUSE |
Date Public
2015-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:10:11.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032903"
},
{
"name": "SUSE-SU-2015:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032903"
},
{
"name": "SUSE-SU-2015:1353",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032903"
},
{
"name": "SUSE-SU-2015:1353",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2015-0468",
"datePublished": "2015-07-16T10:00:00.000Z",
"dateReserved": "2014-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:10:11.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-0468",
"date": "2026-07-02",
"epss": "0.01686",
"percentile": "0.7422"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-0468\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2015-07-16T10:59:05.390\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3 y 12.1.0.1, permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDEDE937-C3D7-421C-9F70-F546AB823E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"165A1F85-076B-4216-8EF8-D67E6EC63A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:
*:*\",\"matchCriteriaId\":\"5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032903\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость системы управления базами данных Oracle Database, позволяющая нарушителю нарушить безопасность информации
Description
Уязвимость компонента Core RDBMS системы управления базами данных Oracle Database связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, нарушить безопасность информации
Severity
Vendor
Oracle Corp.
Software Name
Database
Software Version
11.1.0.7 (Database), 11.2.0.3 (Database), 12.1.0.1 (Database)
Possible Mitigations
Использование рекомендаций производителя, доступных по адресу:
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Reference
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.1.0.7 (Database), 11.2.0.3 (Database), 12.1.0.1 (Database)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.07.2015",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.12.2015",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-12131",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-0468",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Database",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Oracle Corp. Solaris . 64-bit, Oracle Corp. Solaris . 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle Database, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Core RDBMS \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle Database \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}
CERTFR-2015-AVI-303
Vulnerability from certfr_avis - Published: 2015-07-15 - Updated: 2015-07-15
De multiples vulnérabilités ont été corrigées dans Oracle Database Server. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Oracle | Database Server | Oracle Database Server versions 11.2.0.4 et antérieures |
| Oracle | Database Server | Oracle Database Server versions 11.1.0.7 et antérieures |
| Oracle | Database Server | Oracle Database Server versions 12.1.0.2 et antérieures |
References
| Title | Publication Time | Tags |
|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server versions 11.2.0.4 et ant\u00e9rieures",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server versions 11.1.0.7 et ant\u00e9rieures",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server versions 12.1.0.2 et ant\u00e9rieures",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2586"
},
{
"name": "CVE-2015-0468",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0468"
},
{
"name": "CVE-2015-4740",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4740"
},
{
"name": "CVE-2015-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4755"
},
{
"name": "CVE-2015-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2585"
},
{
"name": "CVE-2015-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2599"
},
{
"name": "CVE-2015-2595",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2595"
},
{
"name": "CVE-2015-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2629"
},
{
"name": "CVE-2015-2655",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2655"
},
{
"name": "CVE-2015-4753",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4753"
}
],
"initial_release_date": "2015-07-15T00:00:00",
"last_revision_date": "2015-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-303",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": ""
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Oracle Database\nServer. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 juillet 2015",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
}
]
}
Title
Oracle Database Core RDBMS组件存在未明漏洞(CNVD-2015-04811)
Description
Oracle Database是一款商业性质的大型数据库。
Oracle Database Core RDBMS组件存在安全漏洞,允许通过验证的用户影响系统完整性,可用性和保密性。
Severity
中
Patch Name
Oracle Database Core RDBMS组件存在未明漏洞(CNVD-2015-04811)的补丁
Patch Description
Oracle Database是一款商业性质的大型数据库。Oracle Database Core RDBMS组件存在安全漏洞,允许通过验证的用户影响系统完整性,可用性和保密性。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Reference
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Impacted products
| Name |
|---|
| Oracle database server 11.1.0.7 |
| Oracle Database Server 11.2.0.3 |
| Oracle Database Server 12.1.0.1 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-0468"
}
},
"description": "Oracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u5927\u578b\u6570\u636e\u5e93\u3002 \r\n\r\nOracle Database Core RDBMS\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u901a\u8fc7\u9a8c\u8bc1\u7684\u7528\u6237\u5f71\u54cd\u7cfb\u7edf\u5b8c\u6574\u6027\uff0c\u53ef\u7528\u6027\u548c\u4fdd\u5bc6\u6027\u3002",
"discovererName": "Oracle",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-04811",
"openTime": "2015-07-24",
"patchDescription": "Oracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u5927\u578b\u6570\u636e\u5e93\u3002Oracle Database Core RDBMS\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u901a\u8fc7\u9a8c\u8bc1\u7684\u7528\u6237\u5f71\u54cd\u7cfb\u7edf\u5b8c\u6574\u6027\uff0c\u53ef\u7528\u6027\u548c\u4fdd\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Oracle Database Core RDBMS\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2015-04811\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Oracle database server 11.1.0.7",
"Oracle Database Server 11.2.0.3",
"Oracle Database Server 12.1.0.1"
]
},
"referenceLink": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"serverity": "\u4e2d",
"submitTime": "2015-07-20",
"title": "Oracle Database Core RDBMS\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2015-04811\uff09"
}
FKIE_CVE-2015-0468
Vulnerability from fkie_nvd - Published: 2015-07-16 10:59 - Updated: 2026-06-17 00:20
Severity
Summary
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| oracle | database_server | 11.1.0.7 |
| oracle | database_server | 11.2.0.3 |
| oracle | database_server | 12.1.0.1 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "secalert_us@oracle.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEDE937-C3D7-421C-9F70-F546AB823E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "165A1F85-076B-4216-8EF8-D67E6EC63A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3 y 12.1.0.1, permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-0468",
"lastModified": "2026-06-17T00:20:21.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-16T10:59:05.390",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securitytracker.com/id/1032903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032903"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-H6H9-QFX5-G45F
Vulnerability from github – Published: 2022-05-17 00:50 – Updated: 2022-05-17 00:50
VLAI
Details
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2015-0468"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-16T10:59:00Z",
"severity": "MODERATE"
},
"details": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
"id": "GHSA-h6h9-qfx5-g45f",
"modified": "2022-05-17T00:50:09Z",
"published": "2022-05-17T00:50:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0468"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032903"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2015-0468
Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-0468",
"description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
"id": "GSD-2015-0468",
"references": [
"https://www.suse.com/security/cve/CVE-2015-0468.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-0468"
],
"details": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
"id": "GSD-2015-0468",
"modified": "2023-12-13T01:19:58.286513Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032903"
},
{
"name": "SUSE-SU-2015:1353",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0468"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "SUSE-SU-2015:1353",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html"
},
{
"name": "1032903",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1032903"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-09-22T01:29Z",
"publishedDate": "2015-07-16T10:59Z"
}
}
}
SUSE-SU-2015:1353-1
Vulnerability from csaf_suse - Published: 2015-07-16 15:50 - Updated: 2015-07-16 15:50
Summary
Security update for oracle-update
Severity
Important
Notes
Title of the patch: Security update for oracle-update
Description of the patch: oracle-update was updated to fix eight security issues.
These security issues were fixed:
- CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution (bsc#938160).
- CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle Database Server. This vulnerability requires Alter Session privileges for a successful attack. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Scheduler accessible data (bsc#938160).
- CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: RAC Management). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Oracle Database accessible data (bsc#938160).
- CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of Oracle Database Server. This vulnerability requires Create Session, Create Any Index, Index object privilege on a Table privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Partitioning possibly including arbitrary code execution within the RDBMS Partitioning (bsc#938160).
- CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of Oracle Database Server. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Support Tools accessible data (bsc#938160).
- CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Analyze Any or Create Materialized View privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS (bsc#938160).
- CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager for Oracle Database accessible data as well as read access to all Enterprise Manager for Oracle Database accessible data (bsc#938160).
- CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data (bsc#938160).
For more details please see
http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html
Patchnames: sleman21-oracle-update-12017
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products (CVE-2015-0468)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products (CVE-2015-2599)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products (CVE-2015-2629)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products (CVE-2015-2646)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products (CVE-2015-2647)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products (CVE-2015-4735)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products (CVE-2015-4740)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products (CVE-2015-4753)
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for oracle-update",
"title": "Title of the patch"
},
{
"category": "description",
"text": "oracle-update was updated to fix eight security issues.\n\nThese security issues were fixed:\n- CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution (bsc#938160).\n- CVE-2015-2599: Vulnerability in the RDBMS Scheduler component of Oracle Database Server. This vulnerability requires Alter Session privileges for a successful attack. Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Scheduler accessible data (bsc#938160).\n- CVE-2015-4735: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: RAC Management). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Enterprise Manager for Oracle Database accessible data (bsc#938160).\n- CVE-2015-4740: Vulnerability in the RDBMS Partitioning component of Oracle Database Server. This vulnerability requires Create Session, Create Any Index, Index object privilege on a Table privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of RDBMS Partitioning possibly including arbitrary code execution within the RDBMS Partitioning (bsc#938160).\n- CVE-2015-4753: Vulnerability in the RDBMS Support Tools component of Oracle Database Server. Easily exploitable vulnerability requiring logon to Operating System. 
Successful attack of this vulnerability can result in unauthorized read access to all RDBMS Support Tools accessible data (bsc#938160).\n- CVE-2015-0468: Vulnerability in the Core RDBMS component of Oracle Database Server. This vulnerability requires Analyze Any or Create Materialized View privileges for a successful attack. Difficult to exploit vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized takeover of Core RDBMS possibly including arbitrary code execution within the Core RDBMS (bsc#938160).\n- CVE-2015-2647: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Enterprise Manager for Oracle Database accessible data as well as read access to all Enterprise Manager for Oracle Database accessible data (bsc#938160).\n- CVE-2015-2646: Vulnerability in the Enterprise Manager for Oracle Database component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager for Oracle Database accessible data (bsc#938160).\n\nFor more details please see\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleman21-oracle-update-12017",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1353-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1353-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151353-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1353-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001527.html"
},
{
"category": "self",
"summary": "SUSE Bug 938160",
"url": "https://bugzilla.suse.com/938160"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-0468 page",
"url": "https://www.suse.com/security/cve/CVE-2015-0468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2599 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2629 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2646 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2647 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4735 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4740 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4753 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4753/"
}
],
"title": "Security update for oracle-update",
"tracking": {
"current_release_date": "2015-07-16T15:50:27Z",
"generator": {
"date": "2015-07-16T15:50:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1353-1",
"initial_release_date": "2015-07-16T15:50:27Z",
"revision_history": [
{
"date": "2015-07-16T15:50:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "oracle-update-1.7-0.34.1.x86_64",
"product": {
"name": "oracle-update-1.7-0.34.1.x86_64",
"product_id": "oracle-update-1.7-0.34.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager 2.1",
"product": {
"name": "SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oracle-update-1.7-0.34.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
},
"product_reference": "oracle-update-1.7-0.34.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-0468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-0468"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-0468",
"url": "https://www.suse.com/security/cve/CVE-2015-0468"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-0468",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-0468"
},
{
"cve": "CVE-2015-2599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2599"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the RDBMS Scheduler component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2599",
"url": "https://www.suse.com/security/cve/CVE-2015-2599"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-2599",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "low"
}
],
"title": "CVE-2015-2599"
},
{
"cve": "CVE-2015-2629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2629"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2629",
"url": "https://www.suse.com/security/cve/CVE-2015-2629"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-2629",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "important"
}
],
"title": "CVE-2015-2629"
},
{
"cve": "CVE-2015-2646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2646"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote attackers to affect integrity via unknown vectors related to Content Management.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2646",
"url": "https://www.suse.com/security/cve/CVE-2015-2646"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-2646",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-2646"
},
{
"cve": "CVE-2015-2647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2647"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1; EM Plugin for DB 12.1.0.5, 12.1.0.6, 12.1.0.7; and EM DB Control 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Management.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2647",
"url": "https://www.suse.com/security/cve/CVE-2015-2647"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-2647",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-2647"
},
{
"cve": "CVE-2015-4735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4735"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4735",
"url": "https://www.suse.com/security/cve/CVE-2015-4735"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-4735",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-4735"
},
{
"cve": "CVE-2015-4740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4740"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the RDBMS Partitioning component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4740",
"url": "https://www.suse.com/security/cve/CVE-2015-4740"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-4740",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "moderate"
}
],
"title": "CVE-2015-4740"
},
{
"cve": "CVE-2015-4753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4753"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4753",
"url": "https://www.suse.com/security/cve/CVE-2015-4753"
},
{
"category": "external",
"summary": "SUSE Bug 938160 for CVE-2015-4753",
"url": "https://bugzilla.suse.com/938160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:oracle-update-1.7-0.34.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-07-16T15:50:27Z",
"details": "low"
}
],
"title": "CVE-2015-4753"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.