Oracle Application Server

198 matches found

added 2020/04/21 1:45 p.m., 796 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

CVSS 7.5, AI score 7.5, EPSS 0.53336

added 2018/11/15 9:0 p.m., 670 views

CVE-2018-5407

CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...

CVSS 4.7, AI score 5.6, EPSS 0.03418

added 2018/10/29 1:0 p.m., 565 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

CVSS 5.9, AI score 5.7, EPSS 0.04763

added 2003/04/02 5:0 a.m., 309 views

CVE-2001-1371

The CVE-2001-1371 entry concerns Oracle 9iAS (Oracle Application Server 9iAS) where SOAP is enabled by default (version 1.0.2.2), allowing anonymous remote deployment of SOAP services via urn:soap-service-manager and urn:soap-provider-manager. The connected OpenVAS/Nessus/NVD references corrobora...

CVSS 7.5, AI score 9, EPSS 0.12299

added 2002/07/31 4:0 a.m., 225 views

CVE-2002-0656

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, are affected by buffer overflow vulnerabilities that allow remote code execution via two vectors: (1) oversized client master key in SSL2 and (2) oversized session ID in SSL3. The CVE entry CVE-2002-0656 is the primary issue. Affected produ...

CVSS 7.5, AI score 9.6, EPSS 0.8982

added 2009/07/14 11:0 p.m., 203 views

CVE-2009-0217

CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...

CVSS 5, AI score 7.1, EPSS 0.06348

added 2002/06/11 4:0 a.m., 166 views

CVE-2002-0562

CVE-2002-0562 affects Oracle 9i Application Server 1.0.2.x when running Oracle JSP or SQLJSP. The default configuration stores globals.jsa under the web root, enabling a remote attacker to obtain sensitive data (e.g., usernames and passwords) by directly requesting globals.jsa via HTTP. The vulne...

CVSS 5, AI score 9.1, EPSS 0.07035

added 2004/09/01 4:0 a.m., 149 views

CVE-2002-0840

CVE-2002-0840 is a cross-site scripting (XSS) vulnerability in the default error page of Apache. It affects Apache 2.0 before 2.0.43 and 1.3.x up to 1.3.26, when UseCanonicalName is set to off and wildcard DNS is supported. An attacker can inject script via the Host header to execute in other vis...

CVSS 6.8, AI score 8.4, EPSS 0.94006

added 2002/06/11 4:0 a.m., 143 views

CVE-2002-0563

CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...

CVSS 5, AI score 9, EPSS 0.51129

added 2003/04/02 5:0 a.m., 139 views

CVE-2001-1372

CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server’s physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is an information disclosure issue, with CVSS-like co...

CVSS 5, AI score 8.8, EPSS 0.06483

added 2002/06/11 4:0 a.m., 136 views

CVE-2002-0561

CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...

CVSS 7.5, AI score 9.1, EPSS 0.09666

added 2002/06/11 4:0 a.m., 133 views

CVE-2002-0560

Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (modplsql) in Oracle 9iAS; exploitation involves unauthenticated ...

CVSS 5, AI score 8.6, EPSS 0.03651

added 2008/04/16 10:0 a.m., 119 views

CVE-2008-1814

Technical details about CVE-2008-1814 are not provided in the supplied documents. No explicit affected products, root cause, or remediation are included here. Monitor for updates.

CVSS 9, AI score 8.9, EPSS 0.02595

added 2002/10/05 4:0 a.m., 111 views

CVE-2002-0843

CVE-2002-0843 affects Apache httpd’s ApacheBench benchmark tool (ab.c). The description specifies buffer overflows in ab.c that occur in Apache before 1.3.27 and in Apache 2.x before 2.0.43. A malicious web server can trigger a long response to cause a denial of service and potentially execute ar...

CVSS 7.5, AI score 9.5, EPSS 0.21421

added 2006/04/20 10:0 a.m., 111 views

CVE-2006-1884

Technical details for CVE-2006-1884 are not publicly available in the provided documents. No affected product/version, impact, or remediation is described here. Monitor for updates from official advisories and vulnerability databases.

CVSS 10, AI score 8.9, EPSS 0.03837

added 2002/07/31 4:0 a.m., 109 views

CVE-2002-0655

OpenSSL CVE-2002-0655 affects 0.9.6d and earlier and 0.9.7-beta2 and earlier; on 64-bit platforms it mishandles ASCII representations of integers, enabling denial of service and potentially arbitrary code execution. Public sources in the connected docs corroborate multiple related CVEs (0655, 065...

CVSS 7.5, AI score 9.5, EPSS 0.08169

added 2005/01/19 5:0 a.m., 104 views

CVE-2004-1371

CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...

CVSS 9, AI score 9.6, EPSS 0.10767

added 2002/07/31 4:0 a.m., 103 views

CVE-2002-0659

CVE-2002-0659 affects the OpenSSL ASN.1 parser in: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier. The vulnerability allows remote denial of service via invalid ASN.1 encodings. The OpenSSL family also contains related issues (e.g., CVE-2002-0655 and CVE-2002-0656) that have been exploit...

CVSS 5, AI score 8.2, EPSS 0.36039

added 2007/01/17 2:0 a.m., 103 views

CVE-2007-0275

CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...

CVSS 3.5, AI score 7.4, EPSS 0.01224

added 2008/01/17 10:0 p.m., 100 views

CVE-2008-0349

Technical details for CVE-2008-0349 are not publicly provided in the supplied documents; information about affected versions, root cause, impact, and remediation is not disclosed here. Monitor for updates.

CVSS 10, AI score 9, EPSS 0.02625

added 2005/01/19 5:0 a.m., 98 views

CVE-2004-1363

CVE-2004-1363: The provided data confirms a buffer overflow in the extproc component of Oracle 10g. An attacker can trigger remote code execution by manipulating environment variables in the library name, which are expanded after the length check. The vulnerability is described as enabling remot...

CVSS 9.8, AI score 9.7, EPSS 0.09095

added 2006/02/08 1:0 a.m., 94 views

CVE-2006-0586

CVE-2006-0586 involves multiple SQL injection vulnerabilities in Oracle 10g Release 1 before the January 2006 CPU. The issues arise in the database server’s server-side packages SYS.KUPV$FT and SYS.KUPV$FT_INT, where insufficient sanitization of user-provided data allows remote attackers to execu...

CVSS 7.5, AI score 9.8, EPSS 0.05434

added 2008/04/16 10:0 a.m., 93 views

CVE-2008-1812

CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...

CVSS 10, AI score 8.8, EPSS 0.02131

added 2002/06/11 4:0 a.m., 87 views

CVE-2002-0568

CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...

CVSS 2.1, AI score 8.4, EPSS 0.75176

added 2008/01/17 10:0 p.m., 87 views

CVE-2008-0345

CVE-2008-0345: The connected documents confirm an unspecified vulnerability in the Core RDBMS component of Oracle Database 11.1.0.6. The description provides no detail on the exact affected sub-component, root cause, impact, or exploitation method, only stating “unknown impact” and “remote attac...

CVSS 10, AI score 9, EPSS 0.02625

added 2000/06/02 4:0 a.m., 86 views

CVE-2000-0169

CVE-2000-0169 is an Oracle Web Listener (ows-bin CGI) vulnerability in Oracle Application Server (Web Listener component) affecting the 4.0.x series according to OpenVAS/NVD entries. The issue allows remote command execution via a crafted URL containing a malformed sequence “?&” in batch files wi...

CVSS 7.5, AI score 9.3, EPSS 0.2669

added 2006/01/18 11:0 a.m., 86 views

CVE-2006-0288

Technical details for CVE-2006-0288 are not publicly available in the provided documents. The material only notes multiple unspecified vulnerabilities in Oracle Reports Developer without affected versions, vectors, impacts, or remediation.

CVSS 10, AI score 9.5, EPSS 0.06534

added 2008/01/17 10:0 p.m., 86 views

CVE-2008-0346

Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.

CVSS 10, AI score 8.9, EPSS 0.02696

added 2007/07/18 7:0 p.m., 84 views

CVE-2007-3854

CVE-2007-3854 affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The entry documents multiple unspecified vulnerabilities allowing remote authenticated users to impact system via two components: the Advanced Queuing component (DB02) and the Spatial component (DB12). The description notes th...

CVSS 5.5, AI score 9.4, EPSS 0.02533

added 2008/01/17 10:0 p.m., 84 views

CVE-2008-0347

CVE-2008-0347 concerns an unspecified vulnerability in the Oracle Ultra Search component of Oracle Collaboration Suite 10.1.2, and in related Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and Application Server 9.0.4.3 and 10.1.2.0.2. The issue is described as having unknown impact and local attack vecto...

CVSS 10, AI score 8.6, EPSS 0.02696

added 2009/01/14 2:0 a.m., 82 views

CVE-2008-4014

The CVE-2008-4014 issue affects Oracle Application Server’s BPEL (Business Process Execution Language) component, specifically the BPEL Console/Activities.jsp page, where a Linked XSS vulnerability was identified in the DSecRG advisory (DSecRG-09-001). Exploitation was demonstrated via crafted UR...

CVSS 5.5, AI score 7.7, EPSS 0.01018
Web

added 2008/01/17 10:0 p.m., 81 views

CVE-2008-0343

CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...

CVSS 10, AI score 8.9, EPSS 0.02625

added 2005/01/19 5:0 a.m., 80 views

CVE-2004-1364

CVE-2004-1364 is an Oracle extproc directory traversal vulnerability affecting Oracle 9i and 10g. The flaw allows remote attackers to access arbitrary libraries outside the $ORACLE_HOME/bin directory by leveraging the extproc mechanism, potentially executing OS commands with the privileges of the...

CVSS 8.5, AI score 9.1, EPSS 0.13782

added 2007/10/17 11:0 p.m., 80 views

CVE-2007-5526

Technical details about CVE-2007-5526 are not publicly provided in the supplied documents; no affected product/version or impact specifics are stated. Monitor for updates.

CVSS 10, AI score 8.9, EPSS 0.02238

added 2005/01/19 5:0 a.m., 79 views

CVE-2004-1369

CVE-2004-1369 concerns the TNS Listener in Oracle 10g. The vulnerability allows remote attackers to cause a denial of service (listener crash) by sending a malformed service_register_NSGR request, where a value is used as an invalid offset for a pointer that references incorrect memory. The prima...

CVSS 5, AI score 8.9, EPSS 0.0564

added 2008/07/15 11:0 p.m., 79 views

CVE-2008-2609

CVE-2008-2609 affects Oracle Portal in Oracle Application Server (9.0.4.3, 10.1.2.3, 10.1.4.2). The CPU July 2008 advisory indicates this vulnerability is exploitable remotely over HTTP without authentication, with a CVSS v2 base score of 6.4 (Network, Low complexity, No authentication; Confident...

CVSS 6.4, AI score 8.8, EPSS 0.0129

added 2005/04/19 4:0 a.m., 78 views

CVE-2004-1774

CVE-2004-1774: Buffer overflow in the MD2 package’s SDO_CODE_SIZE function (MDSYS.MD2.SDO_CODE_SIZE) on Oracle Database 10g before 10.1.0.2 Patch 2. The overflow is triggered by a long LAYER parameter, enabling arbitrary code execution. Public documentation indicates vulnerable Oracle 10g configu...

CVSS 7.2, AI score 8.9, EPSS 0.02672

added 2005/01/19 5:0 a.m., 77 views

CVE-2004-1366

CVE-2004-1366 affects Oracle 10g Database Server, where the password for the SYSMAN account is stored in cleartext in the world-readable emoms.properties file. This local-access weakness could allow unprivileged or local users to gain DBA privileges. No explicit remediation version or patch is pr...

CVSS 4.6, AI score 9.1, EPSS 0.15495

added 2006/01/18 11:0 a.m., 77 views

CVE-2006-0289

CVE-2006-0289 concerns Oracle Application Server 6.0.8.26 (PS17) and related E-Business Suite/Applications 11.5.10 with multiple vulnerabilities in Oracle Reports Developer (REP05/REP06). Connected sources link REP05 to CVE-2005-2378 (directory traversal for read access) and REP06 to CVE-2005-237...

CVSS 10, AI score 9.5, EPSS 0.1086

added 2007/04/18 6:0 p.m., 77 views

CVE-2007-2123

Technical details about CVE-2007-2123 are not publicly available in the provided documents. The entries describe an unspecified vulnerability in Oracle Portal across multiple versions; no root cause, impact, or remediation is disclosed here. Monitor for updates.

CVSS 10, AI score 9, EPSS 0.02238

added 2002/03/15 5:0 a.m., 76 views

CVE-2001-1216

CVE-2001-1216 affects Oracle 9i Application Server’s PL/SQL Apache module (mod_plsql). A buffer overflow in the mod_plsql/PLSQL path can be triggered by a long request for a help page, allowing remote attackers to execute arbitrary code or cause a crash. The vulnerability is tied to Oracle 9iAS’s...

CVSS 7.5, AI score 9.4, EPSS 0.08547

added 2005/01/19 5:0 a.m., 76 views

CVE-2004-1367

CVE-2004-1367 affects Oracle 10g Database Server. When installed with a password containing an exclamation point for the DBSNMP or SYSMAN user, an error is logged to the world‑readable postDBCreation.log, potentially exposing the password to local users who could use it against SYS or SYSTEM acco...

CVSS 4.4, AI score 9, EPSS 0.07275

added 2005/01/19 5:0 a.m., 74 views

CVE-2004-1365

CVE-2004-1365 affects Oracle 9i/10g extproc. The vulnerability allows local users to load a library or execute a function without authentication, enabling arbitrary commands to run as the Oracle user. This is documented in the NVD entry and reflected in related Nessus/NVD references.

CVSS 4.6, AI score 9.2, EPSS 0.07362

added 2007/04/18 6:0 p.m., 74 views

CVE-2007-2130

CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...

CVSS 9, AI score 8.7, EPSS 0.02527

added 2008/01/17 10:0 p.m., 74 views

CVE-2008-0340

CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...

CVSS 10, AI score 9.2, EPSS 0.02625

added 2008/01/17 10:0 p.m., 74 views

CVE-2008-0344

Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.

CVSS 10, AI score 8.9, EPSS 0.02625

added 2005/01/19 5:0 a.m., 73 views

CVE-2004-1370

CVE-2004-1370 is a set of confirmed SQL injection vulnerabilities in Oracle 9i/10g that affect PL/SQL procedures running with definer rights. The flaws allow remote attackers to execute arbitrary SQL commands and potentially gain privileges via the following procedures: DBMS_EXPORT_EXTENSION, WK_...

CVSS 7.5, AI score 10, EPSS 0.03856

added 2006/02/04 11:0 a.m., 73 views

CVE-2006-0552

Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.

CVSS 7.5, AI score 9.2, EPSS 0.04835

added 2006/10/18 1:0 a.m., 73 views

CVE-2006-5361

Technical details for CVE-2006-5361 are not publicly provided in the supplied documents; monitor for updates.

CVSS 10, AI score 9.1, EPSS 0.0231

added 2006/01/18 11:0 a.m., 72 views

CVE-2006-0282

Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.

CVSS 10, AI score 9.1, EPSS 0.05029

Total number of security vulnerabilities: 198