Lucene search
+L
OracleDatabase Server

516 matches found

CVE
CVE
added 2012/05/03 5:18 p.m.57 views

CVE-2012-0512

CVE-2012-0512 is a SQL Injection vulnerability in Oracle Enterprise Manager components (Database Control 11.1.0.7, 11.2.0.2 and Grid Control 10.2.0.4/earlier) related to the compareWizFirstConfig page. The flaw allows remote, authenticated attackers to execute SQL with SYSMAN privileges via the f...

5.5CVSS5.2AI score0.01097EPSS
CVE
CVE
added 2012/07/17 10:39 p.m.57 views

CVE-2012-3134

CVE-2012-3134 affects Oracle Database Server core RDBMS component for versions 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as enabling remote authenticated users to impact availability via unknown vectors. Exploitation details are not provided in the supplied documents; no ex...

4CVSS5.7AI score0.0144EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.57 views

CVE-2013-1519

CVE-2013-1519 affects the Oracle Application Express component in Oracle Database Server prior to 4.2.1, potentially allowing a remote attacker to impact integrity through unknown vectors. The description is general and does not specify affected configurations beyond the 4.2.1 cutoff, nor explici...

5CVSS6.1AI score0.01408EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.56 views

CVE-2001-0941

CVE-2001-0941 is a vulnerability in Oracle’s dbsnmp where a buffer overflow occurs in versions 8.0.6 through 9.0.1. The flaw allows local users to execute arbitrary code by supplying a long ORACLE_HOME environment variable, indicating the overflow happens via environment data passed to dbsnmp. Af...

4.6CVSS7.4AI score0.01663EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.56 views

CVE-2006-1867

Technical details for CVE-2006-1867 are not publicly available in the provided documents. The entries reference Oracle 9.2.0.6 Advanced Replication with unknown impact and attack vectors. Monitor for authoritative updates and vendor advisories.

10CVSS6AI score0.04021EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.56 views

CVE-2006-1871

CVE-2006-1871 is a SQL injection vulnerability in Oracle Database Server (versions 9.2.0.7 and 10.1.0.5) that allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package. The issue is documented with an impact assessm...

6.5CVSS7.9AI score0.02276EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.56 views

CVE-2006-3702

CVE-2006-3702 covers multiple Oracle Database vulnerabilities across versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 with unspecified impact/attack vectors. Connected sources tie DB06 to a SQL injection-style issue in DBMS_EXPORT_EXTENSION, specifically GET_DOMAIN_INDEX_METADATA, which...

10CVSS6.4AI score0.04234EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.56 views

CVE-2006-5342

CVE-2006-5342 pertains to an unspecified vulnerability in Oracle Spatial within Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3. The impact is unknown and it involves remote authenticated access vectors tied to mdsys.sdo_tune; there are reports suggesting the issue could be related to SQL injectio...

7.1CVSS6.6AI score0.02382EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.56 views

CVE-2007-2111

CVE-2007-2111 describes an SQL injection vulnerability in Oracle Database affecting SYS.DBMS_AQADM_SYS, with vulnerable versions 9.0.1.5, 9.2.0.7, and 10.1.0.5. The issue allows remote authenticated users to inject arbitrary SQL via unknown vectors (DB04). According to the NVD entry, the CVSS bas...

6.5CVSS7.1AI score0.02591EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5510

CVE-2007-5511 relates to an SQL injection vulnerability in Oracle Database's SYS.LT.FINDRICSET function (Workspace/ LT package), exploitable via an Evil Cursor technique to escalate privileges to SYS. Reported for Oracle Database around 10g (pre-10.2.0.x), with exploitation potentially performed ...

6.5CVSS6.4AI score0.02032EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5512

CVE-2007-5512 is described as an unspecified vulnerability in the Oracle Database Vault component of Oracle Database 9.2.0.8DV and 10.2.0.3 with unknown impact and remote attack vectors. Connected documents indicate Oracle’s October 2007 CPU patch bundle addresses multiple issues including Oracle...

7.5CVSS6.2AI score0.02661EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.55 views

CVE-2002-0856

The CVE-2002-0856 entry concerns the SQL*NET listener in Oracle Net for Oracle9i (versions 9.0.x and 9.2). The vulnerability is a denial-of-service caused by handling of certain debug requests in the debugging feature, which are not processed correctly, allowing remote attackers to crash the serv...

5CVSS6.8AI score0.02695EPSS
CVE
CVE
added 2002/08/20 4:0 a.m.55 views

CVE-2002-0857

The CVE-2002-0857 entry describes a format-string vulnerability in Oracle’s Listener Control Utility (LSNRCTL) used to administer Listeners. Affects Oracle 9.2 and 9.0, 8.1, and 7.3.4; by inserting format specifiers into the Listener configuration (listener.ora) or supplying crafted commands, an ...

7.5CVSS7.4AI score0.13789EPSS
CVE
CVE
added 2005/11/02 11:0 a.m.55 views

CVE-2005-3444

The CVE-2005-3444 entry concerns Oracle Database Server (8i–9.2.0.5) with multiple unspecified vulnerabilities in the Programmatic Interface. The description notes unknown impact and attack vectors. The CVSS data provided indicates a high-severity base score (10.0) with network attack vector and ...

10CVSS6.8AI score0.05144EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.55 views

CVE-2006-1866

CVE-2006-1866 affects Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5 and other versions, with unknown impact/attack vectors in (1) Advanced Replication (DB01) and (2) Oracle Spatial (DB10). Oracle reportedly did not publicly disclose details as of 20060421, but claims exist that DB01 ...

9.7CVSS7.4AI score0.0486EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.55 views

CVE-2006-1870

CVE-2006-1870 concerns Oracle Database Server components’ Export functionality (DB05) with an issue in the DBMS_EXPORT_EXTENSION package. Connected documents provide concrete details for CVE-2006-2081, which states that the issue allows local users to execute arbitrary SQL through GET_DOMAIN_INDE...

9CVSS5.9AI score0.04609EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.55 views

CVE-2006-5335

CVE-2006-5335 affects Oracle Database 10.1.0.5 and 10.2.0.2, with issues reported in the CDC and Spatial areas. The linked CERT entry attributes a PL/SQL injection-style vulnerability to the SYS.DBMS_CDC_IMPDP package, tied to BUMP_SEQUENCE (DB04) and related CDC/Spatial procedures (CREATE_SUBSCR...

9CVSS7AI score0.03131EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.55 views

CVE-2007-2115

CVE-2007-2115 affects Oracle Database CDC (Change Data Capture) in versions 9.2.0.7, 10.1.0.5, and 10.2.0.2. The connected documents indicate multiple SQL injection vulnerabilities in DBMS_CDC_PUBLISH, triggered by remote authenticated vectors involving the CDC.jar Java classes. The impact is des...

6.8CVSS6.9AI score0.03034EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.55 views

CVE-2010-0852

CVE-2010-0852 affects Oracle Database XML DB component across versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected NVD entry provides a CVS...

5.5CVSS5.5AI score0.01984EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.55 views

CVE-2010-0860

CVE-2010-0860 affects Oracle Database Core RDBMS components in 9.2.0.8 (and DV variants), 10.1.0.5, 10.2.0.4, and 11.1.0.7. The vulnerability allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege. The issu...

7.1CVSS5.6AI score0.02646EPSS
CVE
CVE
added 2001/11/22 5:0 a.m.54 views

CVE-2001-0831

The CVE-2001-0831 issue concerns Oracle Label Security in Oracle 8.1.7 and 9.0.1. The vulnerability is triggered when audit functionality, SET_LABEL, or SQL*Predicate is used, enabling local users to gain additional access. This is a local privilege escalation vulnerability affecting the listed O...

4.6CVSS6.5AI score0.00562EPSS
CVE
CVE
added 2005/11/02 11:0 a.m.54 views

CVE-2005-3438

Oracle Database vulnerability CVE-2005-3438 involves a buffer overflow in the built-in package sys.pbsde.init, affecting Oracle Database Server 9i up to 10.1.0.4.2. Exploitation could allow execution of arbitrary code or a denial-of-service condition, with exploits documented for 10g (10.1.0.2) a...

10CVSS7AI score0.05866EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.54 views

CVE-2006-0268

The CVE-2006-0268 entry concerns an unspecified vulnerability in the Security component of Oracle Database Server, affecting Oracle versions 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4. The connected OpenVAS/Nessus references corroborate Oracle Database multiple vulnerabilities, but the exact ro...

9CVSS6.3AI score0.04049EPSS
CVE
CVE
added 2006/02/04 2:0 a.m.54 views

CVE-2006-0551

Technical details for CVE-2006-0551 are not publicly provided in the supplied documents. Monitoring for updates is advised, as the corpus does not specify affected versions, vectors, or remediation information.

7.5CVSS7.6AI score0.04278EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.54 views

CVE-2006-3703

CVE-2006-3703 concerns InterMedia for Oracle Database across versions 9.0.1.5, 9.2.0.6, and 10.1.0.4. The description in the NVD entry characterizes this as an unspecified vulnerability with unknown impact and attack vectors, and the connected data confirms InterMedia as the affected component wi...

9CVSS6.4AI score0.03321EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.54 views

CVE-2006-5337

CVE-2006-5337 affects Oracle Database Core RDBMS in versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2. The issue is described as an unspecified vulnerability in the Core RDBMS component with unknown impact and remote authenticated attack vectors (aka Vuln# DB09). The connected documents corrobora...

9CVSS5.9AI score0.03422EPSS
CVE
CVE
added 2007/10/18 8:0 p.m.54 views

CVE-2007-5554

CVE-2007-5554 involves Oracle database servers where remote attackers can obtain server memory contents via crafted packets (Oracle reference number 7892711). The connected documents do not specify affected versions or concrete exploitation details. No remediation or mitigations are provided in t...

7.1CVSS6.3AI score0.02308EPSS
CVE
CVE
added 2007/12/06 2:0 a.m.54 views

CVE-2007-6260

CVE-2007-6260 affects Oracle 10g and llg installations where accounts are created with default passwords, enabling remote login by connecting to the Listener. The underlying cause is default credentials during setup. In practice, DBCA installations may mitigate this by disabling accounts or chang...

6.8CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.54 views

CVE-2009-2001

CVE-2009-2001 details (Oracle DB): Unspecified vulnerability in the PL/SQL component of Oracle Database 10.2.0.4 and 11.1.0.7. Exploitation requires remote access with authentication and can affect confidentiality, integrity, and availability . The Oracle October 2009 CPU documents this as a PL/S...

6.5CVSS5.5AI score0.02314EPSS
CVE
CVE
added 2001/02/14 5:0 a.m.53 views

CVE-1999-0784

The CVE-1999-0784 entry describes a Denial of Service against Oracle TNSLSNR SQLNet Listener caused by a malformed string sent to the listener port (NERP). Affected component: Oracle TNSLSNR SQL Net Listener. The root cause is a malformed input to the listener port that can trigger a DoS. The pro...

5CVSS6.5AI score0.02828EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.53 views

CVE-2006-1872

Technical details about CVE-2006-1872 are not publicly available in the provided documents. Monitor for updates from sources in connected documents; no concrete affected products, root cause, impact, or remediation can be stated from the supplied data.

7.5CVSS6AI score0.04439EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.53 views

CVE-2006-5338

The CVE-2006-5338 entry concerns Oracle Database 10.1.0.5 Core RDBMS. The connected data confirms a vulnerability in the DBMS_SQLTUNE area (sys.dbms_sqltune or related internal components) that is associated with remote, authenticated access and is characterized by suspected SQL injection vectors...

9CVSS6.7AI score0.02848EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.53 views

CVE-2006-5340

Oracle Database Spatial component vulnerabilities (CVE-2006-5340) affect multiple releases (8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). The issue is linked to the MDSYS.SDO_LRS package, specifically the convert_to_lrs_layer function, and to a vulnerability elsewhere in the Spatial stack (DB17...

7.1CVSS6.9AI score0.04332EPSS
CVE
CVE
added 2007/02/27 6:0 p.m.53 views

CVE-2006-7067

CVE-2006-7067 affects Oracle 10g R2 (and possibly other versions). The vulnerability arises when an attacker can issue an invalid ALTER SESSION SET EVENTS command, which may trigger internal errors and potentially cause other impacts as described in the description. The connected documents do not...

6CVSS7AI score0.06825EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.53 views

CVE-2007-0277

CVE-2007-0277 concerns Oracle Database client-only 10.1.0.4 with an unspecified vulnerability tied to the Export component (expdp/impdp). The connected documents collectively indicate the issue has unknown impact and attack vectors, with no concrete exploit details or remediation/version informat...

6.8CVSS5.9AI score0.00366EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.53 views

CVE-2009-1965

CVE-2009-1965 affects Oracle Database Net Foundation Layer in 9.2.0.8 and 10.1.0.5. The vulnerability can be exploited remotely over the network via adjacent access, leading to partial confidentiality, integrity, and availability impacts. The Oracle October 2009 Critical Patch Update provides fix...

5.4CVSS6AI score0.01073EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.52 views

CVE-2006-5334

CVE-2006-5334 affects Oracle Database with the Spatial component in versions 9.0.1.5, 9.2.0.7, and 10.1.0.5. The connected sources corroborate a vulnerability (DB03) with unknown impact and possible remote authenticated vectors related to mdsys.md2, including reported links to (1) a potential buf...

7.1CVSS7.2AI score0.03395EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.52 views

CVE-2007-0273

No connected documents provide concrete technical details (affected product, component, root cause, impact, or remediation) for CVE-2007-0273 beyond the initial description. Technical specifics are not publicly available in the provided materials; monitor for updates.

4.3CVSS5.5AI score0.01322EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.52 views

CVE-2007-2118

The CVE-2007-2118 entry concerns Oracle Database Upgrade/Downgrade component vulnerabilities in 9.0.1.5 and 9.2.0.7. The description indicates an unspecified vulnerability with unknown impact/attack vectors, and a note that claims this may be a buffer overflow in the mig utility. No additional te...

7.5CVSS6.8AI score0.03761EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.52 views

CVE-2009-1997

CVE-2009-1997 concerns Oracle Database 10.2.0.3 and 11.1.0.7, with an unspecified vulnerability in the Authentication component (Oracle Net). It is remotely exploitable and can affect confidentiality via unknown vectors. The Oracle Database risk matrix lists this under the “Authentication” catego...

5CVSS5.9AI score0.02715EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.51 views

CVE-2002-1767

CVE-2002-1767 describes a buffer overflow in Oracle 8i Database Server 8.1.5 for Linux, specifically in tnslsnr, that allows local users to execute arbitrary code as the oracle user via a long command line argument. The affected component is the tnslsnr process; root cause is improper handling of...

7.2CVSS7.6AI score0.03764EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.51 views

CVE-2006-1873

Technical details about CVE-2006-1873 are not publicly available in the provided documents; no concrete impact, vectors, or mitigations are described. Monitor for updates as more information may be released.

9CVSS5.9AI score0.03425EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.51 views

CVE-2006-3699

CVE-2006-3699 affects Oracle Database Core RDBMS components in versions 9.0.1.5 and 9.2.0.6. The description remains: an unspecified vulnerability with unknown impact/attack vectors (aka Oracle Vuln# DB02). The connected Nessus entry lists this CVE among July 2006 CPU fixes but provides no furthe...

9CVSS6.2AI score0.02556EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.51 views

CVE-2006-3701

Technical details on CVE-2006-3701 are not publicly available in the provided documents. Monitor for updates.

9CVSS6.2AI score0.03321EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.51 views

CVE-2009-1007

CVE-2009-1007 affects Oracle Database (Data Mining component) in 10.2.0.4. The vulnerability allows an authenticated remote user to execute commands on SYS.DMP_SYS, impacting confidentiality, integrity, and availability (partial/Partial+). The CVSS base score in NVD is 6.5 (MEDIUM) with network a...

6.5CVSS5.6AI score0.02251EPSS
CVE
CVE
added 2011/10/18 10:0 p.m.51 views

CVE-2011-3511

Oracle Database Vault (Database Vault component) on 10gR2/11gR1/11gR2 is affected by CVE-2011-3511, where users with DV_ACCTMGR or SYSDBA can bypass protections and execute OCIPasswordChange to change any user’s password. Root cause relates to privileged account handling; advisory TeamSHATTER not...

3.6CVSS5.5AI score0.01104EPSS
CVE
CVE
added 2012/01/18 10:0 p.m.51 views

CVE-2012-0082

The CVE-2012-0082 entry concerns an unspecified vulnerability in Oracle Database Server's Core RDBMS component affecting multiple versions (10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, 11.2.0.2–11.2.0.3). The vulnerability allows remote authenticated users to impact integrity and availability via unkno...

5.5CVSS5.7AI score0.01899EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.51 views

CVE-2012-0519

CVE-2012-0519 is an Oracle issue affecting the Core RDBMS in Oracle Database Server 11.2.0.2 on Windows. The vulnerability is described as an unspecified issue that allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Connected sources refe...

7.1CVSS5.7AI score0.01713EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.50 views

CVE-2006-3705

CVE-2006-3705 concerns Oracle Database 10.1.0.5 with two unnamed vulnerabilities (DB21: Statistics, DB22: Upgrade/Downgrade) that Oracle notes may be SQL injection in SYS.DBMS_STATS and SYS.DBMS_UPGRADE. The connected documents corroborate that these issues are related to SQL injection in SYS pac...

10CVSS7.4AI score0.03289EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.50 views

CVE-2007-0271

CVE-2007-0271 affects Oracle Database 9.0.1.5 and 9.2.0.7 in the Log Miner component (SYS.DBMS_LOGMNR). The description notes an alleged buffer overflow in ADD_LOGFILE within SYS.DBMS_LOGMNR that could allow code execution, with oracle not disputing the researcher claim. Connected documents also ...

6.5CVSS6.9AI score0.04185EPSS
Total number of security vulnerabilities516