516 matches found
CVE-2006-1874
CVE-2006-1874 affects Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 in the Oracle Spatial component (DB09). The issue is described as a SQL injection in MDSYS.PRVT_IDX via the functions EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, EXECUTE UPDATE, and CRT_DUMMY. OpenVAS/Nessus entries co...
CVE-2006-3702
CVE-2006-3702 covers multiple Oracle Database vulnerabilities across versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 with unspecified impact/attack vectors. Connected sources tie DB06 to a SQL injection-style issue in DBMS_EXPORT_EXTENSION, specifically GET_DOMAIN_INDEX_METADATA, which...
CVE-2006-5339
CVE-2006-5339 affects the Oracle Spatial component of Oracle Database (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.4). The vulnerability is linked to the mdsys.sdo_geom path and is related to a suspected length-checking issue before MD2.RELATE is called, as reported by third parties. The described...
CVE-2006-5342
CVE-2006-5342 pertains to an unspecified vulnerability in Oracle Spatial within Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3. The impact is unknown and it involves remote authenticated access vectors tied to mdsys.sdo_tune; there are reports suggesting the issue could be related to SQL injectio...
CVE-2007-5506
The CVE-2007-5506 entry concerns Oracle Database Core RDBMS components (versions 9.0.1.5+; 9.2.0.8; 9.2.0.8DV; 10.1.0.5; 10.2.0.3) where a remote attacker can cause a denial of service by sending a crafted type 6 Data packet (DB20). The vulnerability is a DoS affecting CPU usage, with no document...
CVE-2007-5510
CVE-2007-5511 relates to an SQL injection vulnerability in Oracle Database's SYS.LT.FINDRICSET function (Workspace/ LT package), exploitable via an Evil Cursor technique to escalate privileges to SYS. Reported for Oracle Database around 10g (pre-10.2.0.x), with exploitation potentially performed ...
CVE-2007-5512
CVE-2007-5512 is described as an unspecified vulnerability in the Oracle Database Vault component of Oracle Database 9.2.0.8DV and 10.2.0.3 with unknown impact and remote attack vectors. Connected documents indicate Oracle’s October 2007 CPU patch bundle addresses multiple issues including Oracle...
CVE-2012-0512
CVE-2012-0512 is a SQL Injection vulnerability in Oracle Enterprise Manager components (Database Control 11.1.0.7, 11.2.0.2 and Grid Control 10.2.0.4/earlier) related to the compareWizFirstConfig page. The flaw allows remote, authenticated attackers to execute SQL with SYSMAN privileges via the f...
CVE-2001-0941
CVE-2001-0941 is a vulnerability in Oracle’s dbsnmp where a buffer overflow occurs in versions 8.0.6 through 9.0.1. The flaw allows local users to execute arbitrary code by supplying a long ORACLE_HOME environment variable, indicating the overflow happens via environment data passed to dbsnmp. Af...
CVE-2002-0856
The CVE-2002-0856 entry concerns the SQL*NET listener in Oracle Net for Oracle9i (versions 9.0.x and 9.2). The vulnerability is a denial-of-service caused by handling of certain debug requests in the debugging feature, which are not processed correctly, allowing remote attackers to crash the serv...
CVE-2002-0857
The CVE-2002-0857 entry describes a format-string vulnerability in Oracle’s Listener Control Utility (LSNRCTL) used to administer Listeners. Affects Oracle 9.2 and 9.0, 8.1, and 7.3.4; by inserting format specifiers into the Listener configuration (listener.ora) or supplying crafted commands, an ...
CVE-2006-1876
The CVE relates to Oracle Database Server 9.2.0.7 and 10.1.0.4 with Oracle Spatial, where the issue is believed to be a SQL injection vulnerability in the MDSYS.SDO_PRIDX package (GEN_RID_RANGE_BY_AREA and GEN_RID_RANGE functions). Details are not publicly disclosed by Oracle; impact and attack v...
CVE-2006-5335
CVE-2006-5335 affects Oracle Database 10.1.0.5 and 10.2.0.2, with issues reported in the CDC and Spatial areas. The linked CERT entry attributes a PL/SQL injection-style vulnerability to the SYS.DBMS_CDC_IMPDP package, tied to BUMP_SEQUENCE (DB04) and related CDC/Spatial procedures (CREATE_SUBSCR...
CVE-2007-2111
CVE-2007-2111 describes an SQL injection vulnerability in Oracle Database affecting SYS.DBMS_AQADM_SYS, with vulnerable versions 9.0.1.5, 9.2.0.7, and 10.1.0.5. The issue allows remote authenticated users to inject arbitrary SQL via unknown vectors (DB04). According to the NVD entry, the CVSS bas...
CVE-2010-0852
CVE-2010-0852 affects Oracle Database XML DB component across versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. The connected NVD entry provides a CVS...
CVE-2010-0860
CVE-2010-0860 affects Oracle Database Core RDBMS components in 9.2.0.8 (and DV variants), 10.1.0.5, 10.2.0.4, and 11.1.0.7. The vulnerability allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege. The issu...
CVE-2005-3438
Oracle Database vulnerability CVE-2005-3438 involves a buffer overflow in the built-in package sys.pbsde.init, affecting Oracle Database Server 9i up to 10.1.0.4.2. Exploitation could allow execution of arbitrary code or a denial-of-service condition, with exploits documented for 10g (10.1.0.2) a...
CVE-2006-0268
The CVE-2006-0268 entry concerns an unspecified vulnerability in the Security component of Oracle Database Server, affecting Oracle versions 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4. The connected OpenVAS/Nessus references corroborate Oracle Database multiple vulnerabilities, but the exact ro...
CVE-2006-0551
Technical details for CVE-2006-0551 are not publicly provided in the supplied documents. Monitoring for updates is advised, as the corpus does not specify affected versions, vectors, or remediation information.
CVE-2006-1866
CVE-2006-1866 affects Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5 and other versions, with unknown impact/attack vectors in (1) Advanced Replication (DB01) and (2) Oracle Spatial (DB10). Oracle reportedly did not publicly disclose details as of 20060421, but claims exist that DB01 ...
CVE-2006-1870
CVE-2006-1870 concerns Oracle Database Server components’ Export functionality (DB05) with an issue in the DBMS_EXPORT_EXTENSION package. Connected documents provide concrete details for CVE-2006-2081, which states that the issue allows local users to execute arbitrary SQL through GET_DOMAIN_INDE...
CVE-2006-3703
CVE-2006-3703 concerns InterMedia for Oracle Database across versions 9.0.1.5, 9.2.0.6, and 10.1.0.4. The description in the NVD entry characterizes this as an unspecified vulnerability with unknown impact and attack vectors, and the connected data confirms InterMedia as the affected component wi...
CVE-2006-5337
CVE-2006-5337 affects Oracle Database Core RDBMS in versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2. The issue is described as an unspecified vulnerability in the Core RDBMS component with unknown impact and remote authenticated attack vectors (aka Vuln# DB09). The connected documents corrobora...
CVE-2007-2115
CVE-2007-2115 affects Oracle Database CDC (Change Data Capture) in versions 9.2.0.7, 10.1.0.5, and 10.2.0.2. The connected documents indicate multiple SQL injection vulnerabilities in DBMS_CDC_PUBLISH, triggered by remote authenticated vectors involving the CDC.jar Java classes. The impact is des...
CVE-2007-5554
CVE-2007-5554 involves Oracle database servers where remote attackers can obtain server memory contents via crafted packets (Oracle reference number 7892711). The connected documents do not specify affected versions or concrete exploitation details. No remediation or mitigations are provided in t...
CVE-2009-2001
CVE-2009-2001 details (Oracle DB): Unspecified vulnerability in the PL/SQL component of Oracle Database 10.2.0.4 and 11.1.0.7. Exploitation requires remote access with authentication and can affect confidentiality, integrity, and availability . The Oracle October 2009 CPU documents this as a PL/S...
CVE-1999-0784
The CVE-1999-0784 entry describes a Denial of Service against Oracle TNSLSNR SQLNet Listener caused by a malformed string sent to the listener port (NERP). Affected component: Oracle TNSLSNR SQL Net Listener. The root cause is a malformed input to the listener port that can trigger a DoS. The pro...
CVE-2001-0831
The CVE-2001-0831 issue concerns Oracle Label Security in Oracle 8.1.7 and 9.0.1. The vulnerability is triggered when audit functionality, SET_LABEL, or SQL*Predicate is used, enabling local users to gain additional access. This is a local privilege escalation vulnerability affecting the listed O...
CVE-2005-3444
The CVE-2005-3444 entry concerns Oracle Database Server (8i–9.2.0.5) with multiple unspecified vulnerabilities in the Programmatic Interface. The description notes unknown impact and attack vectors. The CVSS data provided indicates a high-severity base score (10.0) with network attack vector and ...
CVE-2006-5338
The CVE-2006-5338 entry concerns Oracle Database 10.1.0.5 Core RDBMS. The connected data confirms a vulnerability in the DBMS_SQLTUNE area (sys.dbms_sqltune or related internal components) that is associated with remote, authenticated access and is characterized by suspected SQL injection vectors...
CVE-2006-7067
CVE-2006-7067 affects Oracle 10g R2 (and possibly other versions). The vulnerability arises when an attacker can issue an invalid ALTER SESSION SET EVENTS command, which may trigger internal errors and potentially cause other impacts as described in the description. The connected documents do not...
CVE-2007-0277
CVE-2007-0277 concerns Oracle Database client-only 10.1.0.4 with an unspecified vulnerability tied to the Export component (expdp/impdp). The connected documents collectively indicate the issue has unknown impact and attack vectors, with no concrete exploit details or remediation/version informat...
CVE-2007-6260
CVE-2007-6260 affects Oracle 10g and llg installations where accounts are created with default passwords, enabling remote login by connecting to the Listener. The underlying cause is default credentials during setup. In practice, DBCA installations may mitigate this by disabling accounts or chang...
CVE-2009-1965
CVE-2009-1965 affects Oracle Database Net Foundation Layer in 9.2.0.8 and 10.1.0.5. The vulnerability can be exploited remotely over the network via adjacent access, leading to partial confidentiality, integrity, and availability impacts. The Oracle October 2009 Critical Patch Update provides fix...
CVE-2006-5334
CVE-2006-5334 affects Oracle Database with the Spatial component in versions 9.0.1.5, 9.2.0.7, and 10.1.0.5. The connected sources corroborate a vulnerability (DB03) with unknown impact and possible remote authenticated vectors related to mdsys.md2, including reported links to (1) a potential buf...
CVE-2006-5340
Oracle Database Spatial component vulnerabilities (CVE-2006-5340) affect multiple releases (8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). The issue is linked to the MDSYS.SDO_LRS package, specifically the convert_to_lrs_layer function, and to a vulnerability elsewhere in the Spatial stack (DB17...
CVE-2007-0273
No connected documents provide concrete technical details (affected product, component, root cause, impact, or remediation) for CVE-2007-0273 beyond the initial description. Technical specifics are not publicly available in the provided materials; monitor for updates.
CVE-2007-2118
The CVE-2007-2118 entry concerns Oracle Database Upgrade/Downgrade component vulnerabilities in 9.0.1.5 and 9.2.0.7. The description indicates an unspecified vulnerability with unknown impact/attack vectors, and a note that claims this may be a buffer overflow in the mig utility. No additional te...
CVE-2009-1997
CVE-2009-1997 concerns Oracle Database 10.2.0.3 and 11.1.0.7, with an unspecified vulnerability in the Authentication component (Oracle Net). It is remotely exploitable and can affect confidentiality via unknown vectors. The Oracle Database risk matrix lists this under the “Authentication” catego...
CVE-2006-3699
CVE-2006-3699 affects Oracle Database Core RDBMS components in versions 9.0.1.5 and 9.2.0.6. The description remains: an unspecified vulnerability with unknown impact/attack vectors (aka Oracle Vuln# DB02). The connected Nessus entry lists this CVE among July 2006 CPU fixes but provides no furthe...
CVE-2006-3701
Technical details on CVE-2006-3701 are not publicly available in the provided documents. Monitor for updates.
CVE-2009-1007
CVE-2009-1007 affects Oracle Database (Data Mining component) in 10.2.0.4. The vulnerability allows an authenticated remote user to execute commands on SYS.DMP_SYS, impacting confidentiality, integrity, and availability (partial/Partial+). The CVSS base score in NVD is 6.5 (MEDIUM) with network a...
CVE-2011-3511
Oracle Database Vault (Database Vault component) on 10gR2/11gR1/11gR2 is affected by CVE-2011-3511, where users with DV_ACCTMGR or SYSDBA can bypass protections and execute OCIPasswordChange to change any user’s password. Root cause relates to privileged account handling; advisory TeamSHATTER not...
CVE-2012-0519
CVE-2012-0519 is an Oracle issue affecting the Core RDBMS in Oracle Database Server 11.2.0.2 on Windows. The vulnerability is described as an unspecified issue that allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Connected sources refe...
CVE-2002-1767
CVE-2002-1767 describes a buffer overflow in Oracle 8i Database Server 8.1.5 for Linux, specifically in tnslsnr, that allows local users to execute arbitrary code as the oracle user via a long command line argument. The affected component is the tnslsnr process; root cause is improper handling of...
CVE-2006-1872
Technical details about CVE-2006-1872 are not publicly available in the provided documents. Monitor for updates from sources in connected documents; no concrete affected products, root cause, impact, or remediation can be stated from the supplied data.
CVE-2006-3705
CVE-2006-3705 concerns Oracle Database 10.1.0.5 with two unnamed vulnerabilities (DB21: Statistics, DB22: Upgrade/Downgrade) that Oracle notes may be SQL injection in SYS.DBMS_STATS and SYS.DBMS_UPGRADE. The connected documents corroborate that these issues are related to SQL injection in SYS pac...
CVE-2007-0271
CVE-2007-0271 affects Oracle Database 9.0.1.5 and 9.2.0.7 in the Log Miner component (SYS.DBMS_LOGMNR). The description notes an alleged buffer overflow in ADD_LOGFILE within SYS.DBMS_LOGMNR that could allow code execution, with oracle not disputing the researcher claim. Connected documents also ...
CVE-2012-0082
The CVE-2012-0082 entry concerns an unspecified vulnerability in Oracle Database Server's Core RDBMS component affecting multiple versions (10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, 11.2.0.2–11.2.0.3). The vulnerability allows remote authenticated users to impact integrity and availability via unkno...
CVE-2001-0515
CVE-2001-0515 concerns the Oracle Listener in Oracle 7.3 and 8i, where a remote attacker can cause a denial of service by sending a malformed connection packet with an excessively large offset_to_data value. The issue, characterized as part of a four-pronged set of Oracle Listener DoS vulnerabili...