25 matches found
CVE-2008-1813
CVE-2008-1813 covers multiple unspecified vulnerabilities in Oracle Database versions 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The description notes remote unauthenticated or authenticated attack vectors affecting several components: SYS.DBMS_AQ (Advanced Queuing), Core RDBMS, S...
CVE-2009-0991
CVE-2009-0991 is a vulnerability in the Oracle Database TNS Listener (Listener component) that allows remote attackers to cause a denial of service by sending crafted TNS packets. The vulnerability affects Oracle Database versions including 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7, an...
CVE-2008-2587
CVE-2008-2587 affects Oracle Database Advanced Replication in 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability allows local access to read trace files (local attack vector) with a low impact (read access, Partial confidentiality). CVSS 2.0 base score is 1.5 (LOW). The ...
CVE-2008-2607
CVE-2008-2607 concerns Oracle Database Advanced Queuing (SYS.DBMS_AQELM). The CVE entry notes an unspecified vulnerability in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 with remote authenticated attack vectors related to SYS.DBMS_AQELM. The public material refer...
CVE-2008-3976
Technical details for CVE-2008-3976 are not provided in the supplied documents. No affected product versions, root cause, or remediation are specified here. Monitor for updates from authoritative sources.
CVE-2008-3983
CVE-2008-3983 is a SQL injection vulnerability in Oracle Database Server’s Workspace Manager component (SYS.LT) affecting 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The flaw allows a remote authenticated user to affect confidentiality and integrity via SYS.LT.MERGEWORKSPACE (and relate...
CVE-2009-0979
CVE-2009-0979 maps to a buffer overflow in Oracle Database 9i/9.2 Resource Manager, specifically in the plan name parameter used by ALTER SYSTEM SET RESOURCE_MANAGER_PLAN and SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN. The vulnerability allows a remote attacker with database authentication (needs ALTE...
CVE-2009-0977
The CVE-2009-0977 issue is an Oracle Database SQL injection vulnerability in the DBMS_AQADM_SYS.GRANT_TYPE_ACCESS procedure. Public docs state a SQL injection exists due to insufficient input validation, allowing a remote attacker with valid credentials to inject and execute SQL within the databa...
CVE-2008-3982
CVE-2008-3982 concerns SQL injection in Oracle Workspace Manager (Workspace Manager component) of Oracle Database. Connected sources document concrete exploits in SYS.LT.* procedures (COMPRESSWORKSPACE, MERGEWORKSPACE, REMOVEWORKSPACE) that allow an attacker with execute privilege to inject SQL, ...
CVE-2008-2591
CVE-2008-2591 affects Oracle Database Vault (Oracle Database 9.2.0.8DV, 10.2.0.3, 11.1.0.6). The issue is listed in Oracle’s July 2008 CPU and tied to the Database Vault component, with remote authenticated attack vectors and partial impact on confidentiality, integrity, and availability. The CPU...
CVE-2008-3999
CVE-2008-3999 affects the Oracle Database OLAP component (versions 9.2.0.8, 9.2.0.8DV, and 10.1.0.5). The issue is described as an unspecified vulnerability related to SYS.OLAPIMPL_T that could allow remote authenticated users to affect availability. Exploitation details are not provided in the s...
CVE-2008-3994
CVE-2008-3994 affects Oracle Database: Workspace Manager component (LTADM) in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The root cause is an SQL injection vulnerability in LTADM (WP/WMSYS owner) that can be triggered by remote authenticated users, potentially compromising con...
CVE-2008-1819
CVE-2008-1819 concerns an unspecified vulnerability in the Oracle Net Services component of Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 (DB09). The connected sources confirm the affected product area as Oracle Database with Net Services, but do not provide concrete details on root cause, expl...
CVE-2008-3991
The CVE-2008-3991 entry concerns an unspecified vulnerability in the Oracle OLAP component of Oracle Database versions 9.2.08, 9.2.0.8DV, and 10.1.0.5, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL. The impact stated is availability via remote authenticated access. The provided documents do not include ...
CVE-2008-5437
CVE-2008-5437 affects the Job Queue component in Oracle Database (versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6). The vulnerability allows remote authenticated users to impact confidentiality and integrity via the DBMS_IJOB interface. Root cause details are not provided in the given d...
CVE-2008-3984
CVE-2008-3982, CVE-2008-3983, and CVE-2008-3984 are SQL injection flaws in Oracle Workspace Manager (SYS.LT.*: MERGEWORKSPACE, COMPRESSWORKSPACE, REMOVEWORKSPACE) that allow a remote authenticated user to affect confidentiality and integrity. Public details show Metasploit modules targeting SYS.L...
CVE-2008-3990
CVE-2008-3990 affects the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5. The issue allows remote authenticated users to affect availability and is linked to OLAPSYS.CWM2_OLAP_AW_AWUTIL; it is a separate vulnerability from CVE-2008-3991. The connected documents confirm t...
CVE-2009-0984
The CVE concerns Oracle Database Database Vault (versions 9.2.0.8DV, 10.2.0.4, 11.1.0.6). The vulnerability is described as unspecified but affects confidentiality and integrity via DBMS_SYS_SQL when exploited by remote authenticated users. Connected documents confirm this CVE is included in the ...
CVE-2008-1812
CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...
CVE-2008-1817
CVE-2008-1817 affects Oracle Database versions 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 with remote attack vectors in (1) SDO_IDX (Spatial) and (2) Core RDBMS (DB10). The issue is described as multiple unspecified vulnerabilities with unknown impact; Oracle’s CPU notes ...
CVE-2008-1820
CVE-2008-1820 affects Oracle Database Data Pump: vulnerable in versions 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The impact is unspecified with remote vectors related to KUPF$FILE_INT, and there are researcher claims of a buffer overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME; no confirmation o...
CVE-2008-5436
CVE-2008-5436 affects the Oracle OLAP component in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4. The vulnerability is described as an unspecified issue allowing remote authenticated users to affect integrity and availability via unknown vectors. The connected documents conf...
CVE-2008-2625
CVE-2008-2625 is an Oracle Database proxy-authentication bypass affecting the Core RDBMS. The connected sources describe an authentication bypass through TNS proxy login, allowing a new connection to impersonate an existing session without passwords. Affected products/versions cited include Oracl...
CVE-2008-3974
CVE-2008-3974 concerns a buffer overflow in Oracle Database’s OLAP SYS.OLAPIMPL_T ODCITABLESTART procedure. Exploitation requires a user with EXECUTE privilege on SYS.OLAPIMPL_T and remote access to the Oracle server; a crafted SQL statement can allow arbitrary code execution or DoS on vulnerable...
CVE-2008-2595
CVE-2008-2595 : A pre-authentication denial-of-service vulnerability exists in Oracle Internet Directory (LDAP) within Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2. The issue is caused by a NULL pointer dereference when processing malformed LDAP requests, leading to a crash of the vu...