516 matches found
CVE-2001-0515
CVE-2001-0515 concerns the Oracle Listener in Oracle 7.3 and 8i, where a remote attacker can cause a denial of service by sending a malformed connection packet with an excessively large offset_to_data value. The issue, characterized as part of a four-pronged set of Oracle Listener DoS vulnerabili...
CVE-2007-3858
Oracle Database 10.2.0.3 is affected by multiple unspecified vulnerabilities that allow remote authenticated users to impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). The exact impact, affected subcomponents, and root cause details are not specified i...
CVE-2006-5341
CVE-2006-5341 affects Oracle Database XMLDB component (versions 9.2.0.8, 10.1.0.5, 10.2.0.2). Reports describe two SQL injection vulnerabilities, DB14 in PITRIG_DROP/PITRIG_DROPMETADATA (XDB_PITRIG_PKG) and DB15 in DISABLE_HIERARCHY_INTERNAL (DBMS_XDBZ), exploitable by a remote, authenticated att...
CVE-2006-5343
This CVE (CVE-2006-5343) concerns Oracle Database Server 10.1.0.3, specifically the Database Scheduler component. The available description states an unspecified vulnerability in sys.dbms_scheduler with unknown impact and remote authenticated attack vectors. No concrete exploit details, affected ...
CVE-2007-5508
CVE-2007-5508 concerns the CTXSYS Intermedia/Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3. The vulnerability enables SQL injection via six procedures (THEMES, GIST, TOKENS, FILTER, HIGHLIGHT, MARKUP), with remote authenticated users able to execute arbitrary SQL comman...
CVE-2007-1442
CVE-2007-1442 describes a local privilege escalation in Oracle Database 10g caused by passing a NULL pDacl parameter to SetSecurityDescriptorDacl when creating discretionary access control lists (DACLs). This can allow local users to gain privileges. The description and connected records confirm ...
CVE-2026-46834
The CVE-2026-46834 entry concerns Oracle Database Server’s Net Service component. Affected versions are 23.4.0 through 23.26.2. The vulnerability is remotely exploitable by an unauthenticated attacker over TLS, enabling a hang or frequent crash of Net Service (complete DOS) as described in the so...
CVE-2026-46835
The CVE-2026-46835 entry concerns Oracle Database Server’s Net Service component. Affected are Oracle versions 23.4.0 through 23.26.2. An unauthenticated attacker who can access the Net Service over TLS can cause the Net Service to hang or crash, resulting in a complete denial of service. The doc...
CVE-2025-50070
CVE-2025-50070 affects Oracle Database Server JDBC: vulnerable in JDBC component for Oracle Database Server versions 23.4–23.8. Root cause as described is a vulnerability in JDBC that can enable a low-privileged, authenticated OS user with logon to the infrastructure where JDBC runs to access JDB...
CVE-2026-34312
The CVE-2026-34312 entry concerns Oracle Database Server's RDBMS component with affected versions 19.3–19.30. It describes a vulnerability that an attacker with Row Access Method privilege and network access via multiple protocols can exploit to achieve unauthorized read access to a subset of RDB...
CVE-2025-30750
CVE-2025-30750 affects Oracle Database Server Unified Audit. Affected versions: 19.3–19.27, 21.3–21.18, 23.4–23.8. High-privileged attacker with Create User privilege and network access via Oracle Net can compromise Unified Audit; exploitation requires user interaction and may allow unauthorized ...
CVE-2025-50066
CVE-2025-50066 affects the Oracle Database Server’s Materialized View component. Affected versions are 19.3–19.27, 21.3–21.18, and 23.4–23.8. An attacker with Execute on DBMS_REDEFINITION and network access via Oracle Net can exploit this to gain unauthorized update/insert/delete access to data i...
CVE-2026-21939
Oracle Database Server SQLcl component vulnerability CVE-2026-21939 affects versions 23.4.0–23.26.0. An unauthenticated attacker with local logon and required user interaction can compromise SQLcl, potentially taking over the SQLcl process. Connected sources (Oracle Jan 2026 CPU, Red Hat advisori...
CVE-2025-53047
CVE-2025-53047 affects Oracle Database Server’s Portable Clusterware. Affected versions are 19.3–19.28, 21.3–21.19, and 23.4–23.9. The issue allows an unauthenticated attacker with network access via Bonjour to read data from Portable Clusterware. The vulnerability is specifically tied to Portabl...
CVE-2025-53051
CVE-2025-53051 affects Oracle Database Server’s RDBMS Functional Index component, with affected versions 23.4–23.9. The vulnerability enables a high-privilege SYSDBA attacker, with network access via Oracle Net, to read a subset of RDBMS Functional Index data. The CVSS base score is 2.7 (LOW) wit...
CVE-2025-61749
CVE-2025-61749 affects the Unified Audit component of Oracle Database Server (versions 23.4–23.9). The issue allows a high-privilege attacker with DBA privileges and network access via Oracle Net to compromise Unified Audit, potentially enabling unauthorized update, insert, or delete of some data...