Database Server Security Vulnerabilities and Issues — Page 10 of Database Server CVE List

Lucene search

OracleDatabase Server

508 matches found

CVE•added 2016/10/25 2:29 p.m.•42 views

CVE-2016-5498

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

3.3CVSS3.5AI score0.00125EPSS

CVE•added 2005/10/14 10:2 a.m.•41 views

CVE-2005-3205

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.

3.5CVSS5.7AI score0.00462EPSS

CVE•added 2006/01/18 11:3 a.m.•41 views

CVE-2006-0270

Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without enc...

10CVSS5.9AI score0.02237EPSS

CVE•added 2006/04/20 10:2 a.m.•41 views

CVE-2006-1869

Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04.

10CVSS6AI score0.08925EPSS

CVE•added 2006/05/22 7:2 p.m.•41 views

CVE-2006-2505

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

3.6CVSS7AI score0.01767EPSS

CVE•added 2006/10/18 1:7 a.m.•41 views

CVE-2006-5334

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is rel...

7.1CVSS7.2AI score0.09823EPSS

CVE•added 2006/10/18 1:7 a.m.•41 views

CVE-2006-5335

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscrib...

9CVSS7AI score0.04747EPSS

CVE•added 2006/10/18 1:7 a.m.•41 views

CVE-2006-5339

Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties th...

9CVSS5.7AI score0.06062EPSS

CVE•added 2007/04/18 6:19 p.m.•41 views

CVE-2007-2115

Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in t...

6.8CVSS6.9AI score0.03583EPSS

CVE•added 2007/10/17 11:17 p.m.•41 views

CVE-2007-5511

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficien...

6.5CVSS7.8AI score0.63711EPSS

CVE•added 2006/04/20 10:2 a.m.•40 views

CVE-2006-1866

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: ...

9.7CVSS7.4AI score0.05176EPSS

CVE•added 2006/04/20 10:2 a.m.•40 views

CVE-2006-1867

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02.

10CVSS6AI score0.02432EPSS

CVE•added 2006/04/20 10:2 a.m.•40 views

CVE-2006-1871

SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.

6.5CVSS7.9AI score0.03173EPSS

CVE•added 2006/04/20 10:2 a.m.•40 views

CVE-2006-1876

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher...

9CVSS7AI score0.01694EPSS

CVE•added 2007/01/17 2:28 a.m.•40 views

CVE-2007-0276

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).

6.8CVSS6.3AI score0.00276EPSS

CVE•added 2007/10/17 11:17 p.m.•40 views

CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).

6.5CVSS6.8AI score0.01325EPSS

CVE•added 2006/07/21 2:3 p.m.•39 views

CVE-2006-3702

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rew...

10CVSS6.4AI score0.58402EPSS

CVE•added 2006/10/18 1:7 a.m.•39 views

CVE-2006-5337

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09.

9CVSS5.9AI score0.06911EPSS

CVE•added 2006/10/18 1:7 a.m.•39 views

CVE-2006-5340

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not di...

7.1CVSS6.9AI score0.0914EPSS

CVE•added 2007/03/02 9:18 p.m.•39 views

CVE-2006-7067

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue...

6CVSS7AI score0.01235EPSS

CVE•added 2007/04/18 6:19 p.m.•39 views

CVE-2007-2118

Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility."

7.5CVSS6.8AI score0.04215EPSS

CVE•added 2009/10/22 6:30 p.m.•39 views

CVE-2009-1965

Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

5.4CVSS6AI score0.00918EPSS

CVE•added 2009/10/22 6:30 p.m.•39 views

CVE-2009-1997

Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

5CVSS5.9AI score0.00944EPSS

CVE•added 2009/10/22 6:30 p.m.•39 views

CVE-2009-2001

Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS5.5AI score0.007EPSS

CVE•added 2005/06/21 4:0 a.m.•38 views

CVE-2002-1767

Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.

7.2CVSS7.6AI score0.08249EPSS

CVE•added 2005/11/02 11:2 a.m.•38 views

CVE-2005-3437

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01.

10CVSS6.5AI score0.0321EPSS

CVE•added 2006/04/20 10:2 a.m.•38 views

CVE-2006-1872

Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.

7.5CVSS6AI score0.02393EPSS

CVE•added 2006/07/21 2:3 p.m.•38 views

CVE-2006-3699

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

9CVSS6.2AI score0.02251EPSS

CVE•added 2006/07/21 2:3 p.m.•38 views

CVE-2006-3701

Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.

9CVSS6.2AI score0.0199EPSS

CVE•added 2007/01/17 2:28 a.m.•38 views

CVE-2007-0273

Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.

4.3CVSS5.5AI score0.00594EPSS

CVE•added 2007/10/18 8:17 p.m.•38 views

CVE-2007-5554

Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE i...

7.1CVSS6.3AI score0.0017EPSS

CVE•added 2007/12/06 2:46 a.m.•38 views

CVE-2007-6260

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled ...

6.8CVSS6.5AI score0.00872EPSS

CVE•added 2009/10/22 6:30 p.m.•38 views

CVE-2009-1007

Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.

6.5CVSS5.6AI score0.007EPSS

CVE•added 2011/10/18 10:55 p.m.•38 views

CVE-2011-3511

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Account.

3.6CVSS5.5AI score0.00344EPSS

CVE•added 2012/01/18 10:55 p.m.•38 views

CVE-2012-0082

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors.

5.5CVSS5.7AI score0.00534EPSS

CVE•added 2010/01/25 9:30 p.m.•37 views

CVE-2005-4884

Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02.

6.8CVSS5.8AI score0.00361EPSS

CVE•added 2006/02/04 2:2 a.m.•37 views

CVE-2006-0551

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cann...

7.5CVSS7.6AI score0.01489EPSS

CVE•added 2007/01/17 2:28 a.m.•37 views

CVE-2007-0271

Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure ...

6.5CVSS6.9AI score0.08094EPSS

CVE•added 2007/01/17 2:28 a.m.•37 views

CVE-2007-0277

Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.

6.8CVSS5.9AI score0.00373EPSS

CVE•added 2003/04/02 5:0 a.m.•36 views

CVE-2002-0856

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

5CVSS6.8AI score0.00738EPSS

CVE•added 2005/11/02 11:2 a.m.•36 views

CVE-2005-3444

Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.

10CVSS6.8AI score0.02049EPSS

CVE•added 2006/01/18 11:3 a.m.•36 views

CVE-2006-0268

Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21.

9CVSS6.3AI score0.01326EPSS

CVE•added 2006/04/20 10:2 a.m.•36 views

CVE-2006-1870

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the...

9CVSS5.9AI score0.58402EPSS

CVE•added 2006/07/21 2:3 p.m.•36 views

CVE-2006-3703

Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.

9CVSS6.4AI score0.0199EPSS

CVE•added 2006/07/21 2:3 p.m.•36 views

CVE-2006-3705

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injecti...

10CVSS7.4AI score0.04238EPSS

CVE•added 2007/07/18 7:30 p.m.•36 views

CVE-2007-3858

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).

7.5CVSS6.2AI score0.05334EPSS

CVE•added 2005/11/02 11:2 a.m.•35 views

CVE-2005-3438

Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6)...

10CVSS7AI score0.08341EPSS

CVE•added 2006/04/20 10:2 a.m.•35 views

CVE-2006-1873

Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08.

9CVSS5.9AI score0.02179EPSS

CVE•added 2012/05/03 5:55 p.m.•35 views

CVE-2012-0519

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

7.1CVSS5.7AI score0.00668EPSS

CVE•added 2001/07/27 4:0 a.m.•34 views

CVE-2001-0515

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

5CVSS6.2AI score0.00542EPSS

Total number of security vulnerabilities508