37 matches found
CVE-2009-0992
CVE-2009-0992 affects Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 in the Advanced Queuing DBMS_AQIN package. The issue is described as a SQL injection vulnerability in the DEQ_EXEJOB procedure due to improper input handling. This can impact confidentiality and integrity for remote-authentica...
CVE-2009-0985
CVE-2009-0985 maps to an unspecified vulnerability in the Core RDBMS component of Oracle Database versions 10.1.0.5, 10.2.0.4 and 11.1.0.6. The NVD entry notes that remote authenticated users with the IMP_FULL_DATABASE role can affect confidentiality, integrity and availability. Connected documen...
CVE-2009-0991
CVE-2009-0991 is a vulnerability in the Oracle Database TNS Listener (Listener component) that allows remote attackers to cause a denial of service by sending crafted TNS packets. The vulnerability affects Oracle Database versions including 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7, an...
CVE-2008-3976
Technical details for CVE-2008-3976 are not provided in the supplied documents. No affected product versions, root cause, or remediation are specified here. Monitor for updates from authoritative sources.
CVE-2008-3983
CVE-2008-3983 is a SQL injection vulnerability in Oracle Database Server’s Workspace Manager component (SYS.LT) affecting 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The flaw allows a remote authenticated user to affect confidentiality and integrity via SYS.LT.MERGEWORKSPACE (and relate...
CVE-2009-0975
Oracle Workspace Manager contains a SQL injection in SYS.LT.ROLLBACKWORKSPACE (CVE-2009-0978) that can be exploited by any user with execute privilege on the vulnerable package to run privileged SQL statements. The CVE-2009-0975 entry is the related, unspecified vulnerability. The connected docum...
CVE-2008-3979
CVE-2008-3979 is an Oracle Database issue affecting the Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2. The vulnerability exists in the MDSYS.SDO_TOPO_DROP_FTBL trigger, where an SQL injection flaw could be exploited by a remote authenticated user to escalate privileges (potentially t...
CVE-2009-0986
CVE-2009-0986 affects Oracle Database Workspace Manager in versions 10.2.0.4 and 11.1.0.6. Described as an unspecified vulnerability allowing remote authenticated access to affect confidentiality, integrity, and availability via unknown vectors. Public materials tie this CVE to Oracle’s April 200...
CVE-2009-0977
The CVE-2009-0977 issue is an Oracle Database SQL injection vulnerability in the DBMS_AQADM_SYS.GRANT_TYPE_ACCESS procedure. Public docs state a SQL injection exists due to insufficient input validation, allowing a remote attacker with valid credentials to inject and execute SQL within the databa...
CVE-2008-3973
Technical details about CVE-2008-3973 are not publicly provided in the connected documents. They note an unspecified vulnerability in the SQL*Plus Windows GUI with limited information; monitor Oracle CPU advisories and vendor updates for specifics.
CVE-2008-3982
CVE-2008-3982 concerns SQL injection in Oracle Workspace Manager (Workspace Manager component) of Oracle Database. Connected sources document concrete exploits in SYS.LT.* procedures (COMPRESSWORKSPACE, MERGEWORKSPACE, REMOVEWORKSPACE) that allow an attacker with execute privilege to inject SQL, ...
CVE-2008-3996
Oracle Database Change Data Capture vulnerability in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE allows SQL injection exploitable by any user with EXECUTE privilege on the package (10gR1, 10gR2, 11gR1). Remote attacker can execute injected SQL with SYS privileges; fix available via Octobe...
CVE-2008-3999
CVE-2008-3999 affects the Oracle Database OLAP component (versions 9.2.0.8, 9.2.0.8DV, and 10.1.0.5). The issue is described as an unspecified vulnerability related to SYS.OLAPIMPL_T that could allow remote authenticated users to affect availability. Exploitation details are not provided in the s...
CVE-2008-4015
CVE-2008-4015 affects Oracle Database 10.1.0.5 in the Oracle Streams component, with the vulnerability related to SYS.DBMS_STREAMS_AUTH, allowing remote authenticated users to impact confidentiality and integrity. The issue is documented with a CVSS v2 base score of 5.5 (Network attack, low compl...
CVE-2009-0978
CVE-2009-0978 affects Oracle Database Workspace Manager: a SQL injection flaw in the SYS.LT.ROLLBACKWORKSPACE procedure can allow a user with execute privilege on SYS.LT.ROLLBACKWORKSPACE to run privileged SQL via crafted calls. The public material references a Metasploit module exploiting this v...
CVE-2008-3994
CVE-2008-3994 affects Oracle Database: Workspace Manager component (LTADM) in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The root cause is an SQL injection vulnerability in LTADM (WP/WMSYS owner) that can be triggered by remote authenticated users, potentially compromising con...
CVE-2008-5439
CVE-2008-5439 concerns Oracle Database 10.2.0.4, specifically the SQL*Plus Windows GUI component. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality via unknown vectors. The NVD entry assigns a CVSS v2 base score of 4.0 (Medium) with netwo...
CVE-2008-2624
CVE-2008-2624 affects the Oracle OLAP component of Oracle Database 10.1.0.5. The vulnerability is described as an unspecified issue that could allow remote authenticated users to compromise confidentiality, integrity, and availability via unknown vectors. Connected sources indicate this CVE was a...
CVE-2008-3992
CVE-2008-3992 involves an unspecified vulnerability in the Oracle Data Mining component of Oracle Database 10.2.0.4, allowing remote authenticated users to affect confidentiality and integrity (related to DMSYS.DBMS_DM_EXP_INTERNAL). Connected documents confirm this CVE is among Oracle’s October ...
CVE-2008-3991
The CVE-2008-3991 entry concerns an unspecified vulnerability in the Oracle OLAP component of Oracle Database versions 9.2.08, 9.2.0.8DV, and 10.1.0.5, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL. The impact stated is availability via remote authenticated access. The provided documents do not include ...
CVE-2008-3995
CVE-2008-3995 affects Oracle Database (10gR1/10gR2/11gR1) Change Data Capture component. The root cause is an SQL injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE, exploitable by any user with EXECUTE privilege on the package. Impact per sources: remote authenticated access that can ...
CVE-2008-5437
CVE-2008-5437 affects the Job Queue component in Oracle Database (versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6). The vulnerability allows remote authenticated users to impact confidentiality and integrity via the DBMS_IJOB interface. Root cause details are not provided in the given d...
CVE-2008-3984
CVE-2008-3982, CVE-2008-3983, and CVE-2008-3984 are SQL injection flaws in Oracle Workspace Manager (SYS.LT.*: MERGEWORKSPACE, COMPRESSWORKSPACE, REMOVEWORKSPACE) that allow a remote authenticated user to affect confidentiality and integrity. Public details show Metasploit modules targeting SYS.L...
CVE-2008-3978
Oracle CVE-2008-3978 affects Oracle Database 10.1.0.5, specifically the Spatial component. The vulnerability is described as unspecified and exploitable by remote authenticated users, potentially impacting confidentiality and integrity via unknown vectors. The connected sources indicate Oracle’s ...
CVE-2008-3980
CVE-2008-3980 affects Oracle Database 10.1.0.5 and 10.2.0.3, specifically the Upgrade component. The vulnerability allows remote authenticated users to impact confidentiality and integrity via unknown vectors; the exact vectors/conditions are not detailed in the provided documents. Oracle’s Octob...
CVE-2008-3990
CVE-2008-3990 affects the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5. The issue allows remote authenticated users to affect availability and is linked to OLAPSYS.CWM2_OLAP_AW_AWUTIL; it is a separate vulnerability from CVE-2008-3991. The connected documents confirm t...
CVE-2009-0976
CVE-2009-0976 affects Oracle Database’s Workspace Manager component in versions 10.2.0.4 and 11.1.0.6 . The description notes an unspecified vulnerability that allows remote authenticated users to impact confidentiality and integrity , related to LTADM. Oracle issued the April 2009 Critical Patch...
CVE-2008-1815
CVE-2008-1815: Affects Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 in the Change Data Capture (CDC) component. The vulnerability involves DBMS_CDC_UTILITY (DB02) with remote authenticated access; the impact is unspecified in the sources, and the exact root cause is not clearly defined. Oracl...
CVE-2008-3997
CVE-2008-3997 describes an unspecified vulnerability in the Oracle OLAP component of Oracle Database 10.1.0.5 and 10.2.0.3, related to SYS.DBMS_XSOQ_ODBO, that allows a remote authenticated user to affect availability. The issue is evidenced by iDefense and Oracle CPU advisory references, which i...
CVE-2009-0984
The CVE concerns Oracle Database Database Vault (versions 9.2.0.8DV, 10.2.0.4, 11.1.0.6). The vulnerability is described as unspecified but affects confidentiality and integrity via DBMS_SYS_SQL when exploited by remote authenticated users. Connected documents confirm this CVE is included in the ...
CVE-2008-1820
CVE-2008-1820 affects Oracle Database Data Pump: vulnerable in versions 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The impact is unspecified with remote vectors related to KUPF$FILE_INT, and there are researcher claims of a buffer overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME; no confirmation o...
CVE-2008-5436
CVE-2008-5436 affects the Oracle OLAP component in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4. The vulnerability is described as an unspecified issue allowing remote authenticated users to affect integrity and availability via unknown vectors. The connected documents conf...
CVE-2008-2625
CVE-2008-2625 is an Oracle Database proxy-authentication bypass affecting the Core RDBMS. The connected sources describe an authentication bypass through TNS proxy login, allowing a new connection to impersonate an existing session without passwords. Affected products/versions cited include Oracl...
CVE-2009-0973
CVE-2009-0973 affects Oracle Database 10.1.0.5 specifically the Cluster Ready Services component. The available data characterizes it as an unspecified vulnerability that could allow remote attackers to impact availability via unknown vectors. There are no exploitation details provided in the doc...
CVE-2008-3989
CVE-2008-3989 describes an unspecified vulnerability in the Oracle Data Mining component of Oracle Database 10.2.0.3, related to DMSYS.ODM_MODEL_UTIL, that allows remote authenticated users to affect confidentiality, integrity, and availability. The connected material names Oracle’s October 2008 ...
CVE-2009-0980
The CVE-2009-0980 entry concerns Oracle Database 10.2.0.3 and 11.1.0.6 with an unspecified vulnerability in the SQLX Functions component (related to AGGXQIMP). Affected software: Oracle Database 10.2.0.3 and 11.1.0.6, specifically the SQLX Functions. Root cause/details are not fully disclosed in ...
CVE-2008-2595
CVE-2008-2595 : A pre-authentication denial-of-service vulnerability exists in Oracle Internet Directory (LDAP) within Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2. The issue is caused by a NULL pointer dereference when processing malformed LDAP requests, leading to a crash of the vu...