198 matches found
CVE-2020-1967
CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2018-0735
CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2001-1371
The CVE-2001-1371 entry concerns Oracle 9iAS (Oracle Application Server 9iAS) where SOAP is enabled by default (version 1.0.2.2), allowing anonymous remote deployment of SOAP services via urn:soap-service-manager and urn:soap-provider-manager. The connected OpenVAS/Nessus/NVD references corrobora...
CVE-2002-0656
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, are affected by buffer overflow vulnerabilities that allow remote code execution via two vectors: (1) oversized client master key in SSL2 and (2) oversized session ID in SSL3. The CVE entry CVE-2002-0656 is the primary issue. Affected produ...
CVE-2009-0217
CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...
CVE-2002-0562
CVE-2002-0562 affects Oracle 9i Application Server 1.0.2.x when running Oracle JSP or SQLJSP. The default configuration stores globals.jsa under the web root, enabling a remote attacker to obtain sensitive data (e.g., usernames and passwords) by directly requesting globals.jsa via HTTP. The vulne...
CVE-2002-0840
CVE-2002-0840 is a cross-site scripting (XSS) vulnerability in the default error page of Apache. It affects Apache 2.0 before 2.0.43 and 1.3.x up to 1.3.26, when UseCanonicalName is set to off and wildcard DNS is supported. An attacker can inject script via the Host header to execute in other vis...
CVE-2002-0563
CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...
CVE-2001-1372
CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server’s physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is a information disclosure issue, with CVSS-like co...
CVE-2002-0561
CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...
CVE-2002-0560
Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (modplsql) in Oracle 9iAS; exploitation involves unauthenticated ...
CVE-2008-1814
Technical details about CVE-2008-1814 are not provided in the supplied documents. No explicit affected products, root cause, or remediation are included here. Monitor for updates.
CVE-2002-0843
CVE-2002-0843 affects Apache httpd’s ApacheBench benchmark tool (ab.c). The description specifies buffer overflows in ab.c that occur in Apache before 1.3.27 and in Apache 2.x before 2.0.43. A malicious web server can trigger a long response to cause a denial of service and potentially execute ar...
CVE-2006-1884
Technical details for CVE-2006-1884 are not publicly available in the provided documents. No affected product/version, impact, or remediation is described here. Monitor for updates from official advisories and vulnerability databases.
CVE-2002-0655
OpenSSL CVE-2002-0655 affects 0.9.6d and earlier and 0.9.7-beta2 and earlier; on 64-bit platforms it mishandles ASCII representations of integers, enabling denial of service and potentially arbitrary code execution. Public sources in the connected docs corroborate multiple related CVEs (0655, 065...
CVE-2004-1371
CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...
CVE-2002-0659
CVE-2002-0659 affects the OpenSSL ASN.1 parser in: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier. The vulnerability allows remote denial of service via invalid ASN.1 encodings. The OpenSSL family also contains related issues (e.g., CVE-2002-0655 and CVE-2002-0656) that have been exploit...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
CVE-2008-0349
Technical details for CVE-2008-0349 are not publicly provided in the supplied documents; information about affected versions, root cause, impact, and remediation is not disclosed here. Monitor for updates.
CVE-2004-1363
CVE-2004-1363 : The provided data confirms a buffer overflow in the extproc component of Oracle 10g. An attacker can trigger remote code execution by manipulating environment variables in the library name, which are expanded after the length check. The vulnerability is described as enabling remot...
CVE-2006-0586
CVE-2006-0586 involves multiple SQL injection vulnerabilities in Oracle 10g Release 1 before the January 2006 CPU. The issues arise in the database server’s server-side packages SYS.KUPV$FT and SYS.KUPV$FT_INT, where insufficient sanitization of user-provided data allows remote attackers to execu...
CVE-2008-1812
CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...
CVE-2002-0568
CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...
CVE-2008-0345
CVE-2008-0345 : The Connected documents confirm an unspecified vulnerability in the Core RDBMS component of Oracle Database 11.1.0.6. The description provides no detail on the exact affected sub-component, root cause, impact, or exploitation method, only stating “unknown impact” and “remote attac...
CVE-2000-0169
CVE-2000-0169 is an Oracle Web Listener (ows-bin CGI) vulnerability in Oracle Application Server (Web Listener component) affecting the 4.0.x series according to OpenVAS/NVD entries. The issue allows remote command execution via a crafted URL containing a malformed sequence “?&” in batch files wi...
CVE-2006-0288
Technical details for CVE-2006-0288 are not publicly available in the provided documents. The material only notes multiple unspecified vulnerabilities in Oracle Reports Developer without affected versions, vectors, impacts, or remediation.
CVE-2008-0346
Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.
CVE-2007-3854
CVE-2007-3854 affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The entry documents multiple unspecified vulnerabilities allowing remote authenticated users to impact system via two components: the Advanced Queuing component (DB02) and the Spatial component (DB12). The description notes th...
CVE-2008-0347
CVE-2008-0347 concerns an unspecified vulnerability in the Oracle Ultra Search component of Oracle Collaboration Suite 10.1.2, and in related Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and Application Server 9.0.4.3 and 10.1.2.0.2. The issue is described as having unknown impact and local attack vecto...
CVE-2008-4014
The CVE-2008-4014 issue affects Oracle Application Server’s BPEL (Business Process Execution Language) component, specifically the BPEL Console/Activities.jsp page, where a Linked XSS vulnerability was identified in the DSecRG advisory (DSecRG-09-001). Exploitation was demonstrated via crafted UR...
CVE-2008-0343
CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...
CVE-2004-1364
CVE-2004-1364 is an Oracle extproc directory traversal vulnerability affecting Oracle 9i and 10g. The flaw allows remote attackers to access arbitrary libraries outside the $ORACLE_HOME/bin directory by leveraging the extproc mechanism, potentially executing OS commands with the privileges of the...
CVE-2007-5526
Technical details about CVE-2007-5526 are not publicly provided in the supplied documents; no affected product/version or impact specifics are stated. Monitor for updates.
CVE-2004-1369
CVE-2004-1369 concerns the TNS Listener in Oracle 10g. The vulnerability allows remote attackers to cause a denial of service (listener crash) by sending a malformed service_register_NSGR request, where a value is used as an invalid offset for a pointer that references incorrect memory. The prima...
CVE-2008-2609
CVE-2008-2609 affects Oracle Portal in Oracle Application Server (9.0.4.3, 10.1.2.3, 10.1.4.2). The CPU July 2008 advisory indicates this vulnerability is exploitable remotely over HTTP without authentication, with a CVSS v2 base score of 6.4 (Network, Low complexity, No authentication; Confident...
CVE-2004-1774
CVE-2004-1774: Buffer overflow in the MD2 package’s SDO_CODE_SIZE function (MDSYS.MD2.SDO_CODE_SIZE) on Oracle Database 10g before 10.1.0.2 Patch 2. The overflow is triggered by a long LAYER parameter, enabling arbitrary code execution. Public documentation indicates vulnerable Oracle 10g configu...
CVE-2004-1366
CVE-2004-1366 affects Oracle 10g Database Server, where the password for the SYSMAN account is stored in cleartext in the world-readable emoms.properties file. This local-access weakness could allow unprivileged or local users to gain DBA privileges. No explicit remediation version or patch is pr...
CVE-2006-0289
CVE-2006-0289 concerns Oracle Application Server 6.0.8.26 (PS17) and related E-Business Suite/Applications 11.5.10 with multiple vulnerabilities in Oracle Reports Developer (REP05/REP06). Connected sources link REP05 to CVE-2005-2378 (directory traversal for read access) and REP06 to CVE-2005-237...
CVE-2007-2123
Technical details about CVE-2007-2123 are not publicly available in the provided documents. The entries describe an unspecified vulnerability in Oracle Portal across multiple versions; no root cause, impact, or remediation is disclosed here. Monitor for updates.
CVE-2001-1216
CVE-2001-1216 affects Oracle 9i Application Server’s PL/SQL Apache module (mod_plsql). A buffer overflow in the mod_plsql/PLSQL path can be triggered by a long request for a help page, allowing remote attackers to execute arbitrary code or cause a crash. The vulnerability is tied to Oracle 9iAS’s...
CVE-2004-1367
CVE-2004-1367 affects Oracle 10g Database Server. When installed with a password containing an exclamation point for the DBSNMP or SYSMAN user, an error is logged to the world‑readable postDBCreation.log, potentially exposing the password to local users who could use it against SYS or SYSTEM acco...
CVE-2004-1365
CVE-2004-1365 affects Oracle 9i/10g extproc. The vulnerability allows local users to load a library or execute a function without authentication, enabling arbitrary commands to run as the Oracle user. This is documented in the NVD entry and reflected in related Nessus/NVD references.
CVE-2007-2130
CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...
CVE-2008-0340
CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...
CVE-2008-0344
Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.
CVE-2004-1370
CVE-2004-1370 is a set of confirmed SQL injection vulnerabilities in Oracle 9i/10g that affect PL/SQL procedures running with definer rights. The flaws allow remote attackers to execute arbitrary SQL commands and potentially gain privileges via the following procedures: DBMS_EXPORT_EXTENSION, WK_...
CVE-2006-0552
Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.
CVE-2006-5361
Technical details for CVE-2006-5361 are not publicly provided in the supplied documents; monitor for updates.
CVE-2006-0282
Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.