Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2008/07/15 11:0 p.m.114 views

CVE-2008-2592

CVE-2008-2592 affects Oracle Database Advanced Replication (SYS.DBMS_DEFER_SYS.DELETE_TRAN) across 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6. The issue is a SQL injection claim targeting DELETE_TRAN; Oracle CPU July 2008 provides the patch. Exploitation is described as remot...

5.5CVSS6.1AI score0.01801EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.114 views

CVE-2011-0811

CVE-2011-0811 affects Oracle Database Server (10.1.0.5, 10.2.0.3, 10.2.0.4) and Oracle Enterprise Manager Grid Control (10.1.0.6, 10.2.0.5) via the Enterprise Config Management component. The vulnerability allegedly allows local users to affect confidentiality through unknown vectors. Connected s...

4.9CVSS5.5AI score0.00411EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.113 views

CVE-2015-4794

CVE-2015-4794 affects Oracle Database Server Java VM in versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability involves the Java VM component and allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The provided documents do not speci...

9CVSS7.8AI score0.0256EPSS
CVE
CVE
added 2018/08/10 10:0 p.m.113 views

CVE-2018-3110

CVE-2018-3110 affects Oracle Database Server’s Java VM component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18. An attacker with Create Session privilege and network access via Oracle Net can remotely exploit to take over the Java VM; impact may extend to other products. CVSSv3 base sc...

9.9CVSS8.7AI score0.02481EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.112 views

CVE-2006-1884

Technical details for CVE-2006-1884 are not publicly available in the provided documents. No affected product/version, impact, or remediation is described here. Monitor for updates from official advisories and vulnerability databases.

10CVSS8.9AI score0.03837EPSS
CVE
CVE
added 2021/01/20 2:49 p.m.112 views

CVE-2021-1993

CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...

4.8CVSS5.1AI score0.00806EPSS
CVE
CVE
added 2002/10/05 4:0 a.m.111 views

CVE-2002-0843

CVE-2002-0843 affects Apache httpd’s ApacheBench benchmark tool (ab.c). The description specifies buffer overflows in ab.c that occur in Apache before 1.3.27 and in Apache 2.x before 2.0.43. A malicious web server can trigger a long response to cause a denial of service and potentially execute ar...

7.5CVSS9.5AI score0.21421EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.111 views

CVE-2008-2604

CVE-2008-2604 is an Oracle Database 11.1.0.6 vulnerability in the Authentication component over Oracle Net. The Oracle CPU July 2008 Risk Matrix lists CVE-2008-2604 under Authentication (Network) with a base CVSS v2 score of 5.5 (Partial confidentiality/integrity/availability impact) and notes th...

6.5CVSS5.9AI score0.01451EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.111 views

CVE-2009-1021

CVE-2009-1021 affects Oracle Database Advanced Replication (REPCAT_RPC.VALIDATE_REMOTE_RC) and can be exploited by remote authenticated users to impact confidentiality and integrity. Affected versions include Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability arises fro...

5.5CVSS5.4AI score0.01778EPSS
CVE
CVE
added 2012/09/21 11:0 p.m.111 views

CVE-2012-3137

CVE-2012-3137 affects Oracle Database Server (10.2.x, 11.1.x, 11.2.x series). The issue is a flaw in the O5LOGIN authentication protocol that lets remote attackers obtain the session key and salt for arbitrary users, leaking information about the password hash and enabling brute-force password gu...

6.4CVSS9.1AI score0.31437EPSS
CVE
CVE
added 2011/07/20 11:0 p.m.110 views

CVE-2011-2257

CVE-2011-2257 is described as an unspecified vulnerability in the Database Target Type Menus component of Oracle Database Server (versions 10.1.0.5, 10.2.0.x, 11.1.0.x, 11.2.0.x) and Oracle Enterprise Manager Grid Control (10.1.0.6, 10.2.0.5, 11.1.0.1). The reports state that remote attackers can...

6.8CVSS6.2AI score0.01845EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.109 views

CVE-2011-0870

CVE-2011-0870 affects Oracle Database Server and Oracle Enterprise Manager Grid Control in specific older releases (Database Server 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1/2; EM Grid Control 10.1.0.6 and 10.2.0.5). The vulnerability is described as an unspecified issue in the Schema Management...

6.8CVSS8.4AI score0.02413EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.108 views

CVE-2009-1966

CVE-2009-1966 affects Oracle Enterprise Manager 10.2.0.4 (and Oracle Database 11.1.0.7) in the Config Management component. The vulnerability is described as an unspecified issue that allows remote, authenticated users to affect confidentiality and integrity via unknown vectors; the Oracle CPU Ju...

5.5CVSS5.8AI score0.01195EPSS
CVE
CVE
added 2011/04/20 3:9 a.m.108 views

CVE-2011-0792

CVE-2011-0792 affects Oracle Warehouse Builder (OWB) in Oracle Database Server 10.2.0.5 and 11.1.0.7. The vulnerability is a PL/SQL injection in OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID, which can let an attacker with OWBREPOS_OWNER rights escalate privileges and potentially access the OS. This is ...

6.5CVSS5.4AI score0.01447EPSS
CVE
CVE
added 2011/07/20 11:0 p.m.108 views

CVE-2011-2239

CVE-2011-2239 refers to an unspecified vulnerability in Oracle Database Server Core RDBMS component affecting versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.1/11.2.0.2, related to XMLSEQ_IMP_T. The NVD summary states remote authenticated users could impact confidentiality, integrity, and ava...

7.1CVSS5.8AI score0.02032EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.108 views

CVE-2016-0499

CVE-2016-0499 affects Oracle Database Server’s Java VM component in 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors; exploitation details are not provided in the included documents. No...

9CVSS7AI score0.02992EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.107 views

CVE-2009-1969

CVE-2009-1969 is an Oracle Database vulnerability in the Auditing component affecting 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. The issue allows remote authenticated users to affect confidentiality via unknown vectors. The connected documents confirm affected products/versions and the...

2.1CVSS5.5AI score0.01054EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.106 views

CVE-2011-0831

Oracle CVE-2011-0831 affects Oracle Database Server versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1/2 and Oracle Enterprise Manager Grid Control 10.1.0.6/10.2.0.5. Description: Unspecified vulnerability in the Enterprise Config Management component allows remote authenticated users to affect ...

5.5CVSS5.5AI score0.01448EPSS
CVE
CVE
added 2021/10/20 12:0 a.m.106 views

CVE-2021-35576

CVE-2021-35576 is a vulnerability in Oracle Database Server's Unified Audit component affecting 12.1.0.2, 12.2.0.1 and 19c. It allows a high-privileged attacker with Local Logon and network access via Oracle Net to compromise the Unified Audit data, potentially enabling unauthorized update/insert...

4CVSS2.4AI score0.01381EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.105 views

CVE-2004-1371

CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...

9CVSS9.6AI score0.10767EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.105 views

CVE-2009-1973

CVE-2009-1973 affects Oracle Database VPD (Virtual Private Database) in 10.1.0.5, 10.2.0.4, and 11.1.0.7. The vulnerability allows remote authenticated users to affect confidentiality and integrity by abusing VPD policies. Oracle’s July 2009 CPU fixes this issue, with patches available for the af...

5.5CVSS5.5AI score0.01778EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.105 views

CVE-2011-0877

The CVE-2011-0877 entry concerns an unspecified vulnerability in Oracle’s Instance Management component affecting Oracle Database Server versions 10.1.0.5, 10.2.0.3, 10.2.0.4 and Oracle Enterprise Manager Grid Control 10.1.0.6. The issue is described as allowing remote attackers to affect integri...

4.3CVSS6.1AI score0.01495EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.105 views

CVE-2011-0881

CVE-2011-0881 affects the EMCTL component of Oracle Database Server (versions 10.2.0.3/10.2.0.4/11.1.0.7) and Oracle Enterprise Manager Grid Control 10.1.0.6. The vulnerability is described as unspecified with remote impact to integrity via unknown vectors. The NVD entry lists a CVSS v2 base scor...

4.3CVSS6.1AI score0.0096EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.105 views

CVE-2019-2518

The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...

7.5CVSS7.6AI score0.0123EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.104 views

CVE-2007-0275

CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...

3.5CVSS7.4AI score0.01224EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.104 views

CVE-2009-1020

CVE-2009-1020 affects Oracle Database components’ Network Foundation (Oracle Net). The vulnerability is listed under the Oracle July 2009 CPU with a base CVSS v2 score of 9.0 (HIGH). Affected products/versions include Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. The risk ...

9CVSS5.7AI score0.10323EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.104 views

CVE-2020-2510

CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...

7.5CVSS7.2AI score0.02121EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.103 views

CVE-2008-2591

CVE-2008-2591 affects Oracle Database Vault (Oracle Database 9.2.0.8DV, 10.2.0.3, 11.1.0.6). The issue is listed in Oracle’s July 2008 CPU and tied to the Database Vault component, with remote authenticated attack vectors and partial impact on confidentiality, integrity, and availability. The CPU...

6.5CVSS5.7AI score0.0137EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.103 views

CVE-2010-3590

CVE-2010-3590 affects the Oracle Spatial component in Oracle Database Server versions 10.2.0.4, 11.1.0.7, and 11.2.0.1. The issue, tied to MDSYS, permits remote authenticated users to impact confidentiality and integrity. Connected sources note this CVE is among the Oracle January 2011 CPU fixes;...

4.9CVSS5.5AI score0.01521EPSS
CVE
CVE
added 2011/07/20 11:0 p.m.103 views

CVE-2011-2253

CVE-2011-2253 relates to an unspecified vulnerability in the Oracle Database Server Core RDBMS component (Oracle DB Server 10.2.0.3–11.2.0.2) that allows remote authenticated users to affect confidentiality, integrity, and availability, with impact linked to SYSDBA. The vulnerability is documente...

7.1CVSS5.8AI score0.02032EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.102 views

CVE-2020-2735

CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...

8CVSS7.4AI score0.01125EPSS
CVE
CVE
added 2008/04/16 10:0 a.m.101 views

CVE-2008-1819

CVE-2008-1819 concerns an unspecified vulnerability in the Oracle Net Services component of Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 (DB09). The connected sources confirm the affected product area as Oracle Database with Net Services, but do not provide concrete details on root cause, expl...

7.2CVSS6AI score0.00426EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.101 views

CVE-2008-2613

CVE-2008-2613 affects Oracle Database 10.2.0.4 and 11.1.0.6, via the Database Scheduler: local, unprivileged user can exploit an untrusted library path (libclntsh.so or libnnz10.so) to gain privileges. Affected patches are part of the July 2008 CPU; remediation is to apply the CPU fixes (10.2.0.4...

6.5CVSS5.6AI score0.01343EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.101 views

CVE-2009-0997

CVE-2009-0997 affects Oracle Database 11.1.0.6 (Database Vault) via an unspecified vulnerability related to DBMS_SYS_SQL that could allow remote authenticated users to affect confidentiality. The issue is addressed in Oracle’s April 2009 Critical Patch Update; apply CPU APR 2009 to mitigate.

4CVSS5.8AI score0.02255EPSS
CVE
CVE
added 2010/10/13 10:0 p.m.101 views

CVE-2010-2391

CVE-2010-2391 affects Oracle Database Server Core RDBMS components in Oracle Database Server versions 10.1.0.5 and 10.2.0.3. The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality and integrity via unknown vectors. The CVSS data from the refer...

3.6CVSS5.5AI score0.01226EPSS
CVE
CVE
added 2011/04/20 3:9 a.m.101 views

CVE-2011-0785

CVE-2011-0785 affects Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5, 10.1.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...

4.3CVSS6AI score0.01361EPSS
CVE
CVE
added 2015/10/21 9:0 p.m.101 views

CVE-2015-4796

Technical details for CVE-2015-4796 are not publicly provided in the supplied documents. No concrete affected product/version, root cause, impact, or remediation is specified here. Monitor updates from vendors and security advisories for new information.

9CVSS8AI score0.17913EPSS
CVE
CVE
added 2024/07/16 10:39 p.m.101 views

CVE-2024-21126

CVE-2024-21126 affects Oracle Database Server’s portable clusterware component. The issue stems from insufficient input validation in Oracle Database Portable Clusterware, allowing an unauthenticated attacker with network access via DNS to compromise the component and potentially cause a partial ...

5.8CVSS5.3AI score0.00493EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.100 views

CVE-2007-2108

CVE-2007-2108 affects Oracle Database Core RDBMS on Windows (versions 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). Remote attackers may gain privileges due to NTLM SSPI AcceptSecurityContext granting privileges based on username while all users appear as Guest. No exploit details provided in the source...

6.8CVSS6.4AI score0.215EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.100 views

CVE-2008-0349

Technical details for CVE-2008-0349 are not publicly provided in the supplied documents; information about affected versions, root cause, impact, and remediation is not disclosed here. Monitor for updates.

10CVSS9AI score0.02625EPSS
CVE
CVE
added 2008/04/16 10:0 a.m.100 views

CVE-2008-1818

Technical details for CVE-2008-1818 are not publicly provided in the supplied documents. Available records only describe an unspecified authentication vulnerability in Oracle Database 11.1.0.6 with unknown impact. Monitor for updates from official advisories.

10CVSS6.3AI score0.03EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.100 views

CVE-2008-2600

CVE-2008-2600 is an Oracle Database vulnerability affecting the Oracle Spatial component (MDSYS.SDO_TOPO_MAP) on 10.1.0.5, 10.2.0.3, and 11.1.0.6. The description indicates an unspecified impact with remote authenticated attack vectors. The CVSSv2 base score reported is 6.5 (Medium) with network ...

6.5CVSS5.4AI score0.0137EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.100 views

CVE-2009-0987

CVE-2009-0987 affects Oracle Database: Upgrade component in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3. The vulnerability allows remote authenticated users to affect confidentiality and integrity via unknown vectors, with the vulnerability listed in the July 2009 CPU. The Oracle risk matr...

5.5CVSS5.5AI score0.01778EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.100 views

CVE-2009-1967

CVE-2009-1967 affects Oracle Enterprise Manager (Config Management) on Oracle Database 11.1.0.7 and Oracle Enterprise Manager 10.2.0.4. The vulnerability, described as an unspecified issue, allows a remote attacker with a valid session to affect confidentiality and integrity via an unknown vector...

5.5CVSS5.8AI score0.01195EPSS
CVE
CVE
added 2010/07/13 10:7 p.m.100 views

CVE-2010-0900

CVE-2010-0900 involves the Network Layer component (Oracle Net) in Oracle Database Server on Windows (versions 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1). The vulnerability allows remote attackers to affect availability via unknown vectors and is listed in the Oracle July 2010 CPU advisory ...

2.6CVSS6.2AI score0.00945EPSS
CVE
CVE
added 2010/10/13 10:0 p.m.100 views

CVE-2010-2390

CVE-2010-2390 describes a buffer overflow in the Oracle Enterprise Manager Grid Control EM Console component when processing overly long HTTP requests. The vulnerability affects Oracle Database Server 10.1.0.5/10.2.0.3, Oracle Fusion Middleware 10.1.2.3/10.1.4.3, and Enterprise Manager Grid Contr...

7.5CVSS6.1AI score0.02622EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.100 views

CVE-2011-0832

CVE-2011-0832 affects Oracle Database Server (Core RDBMS) versions 11.1.0.7, 11.2.0.1, and 11.2.0.2. The vulnerability is described as unspecified with unknown vectors, allowing remote authenticated users to impact confidentiality, integrity, and availability. No concrete root cause, exploit deta...

6CVSS5.7AI score0.01743EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.100 views

CVE-2013-1534

The CVE-2013-1534 issue affects Oracle Database Server (11.2.0.2/11.2.0.3) Workload Manager when used in RAC setups. The root cause is a vulnerability in the Workload Manager component that could let remote attackers affect confidentiality, integrity, and availability via unknown vectors. Documen...

10CVSS6.1AI score0.03729EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.100 views

CVE-2015-4873

CVE-2015-4873 affects Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, with vulnerability in the Database Scheduler component that allows local users to impact confidentiality, integrity, and availability via unknown vectors. The cited sources (NVD/SUSE/OpenVAS/Oracle CPU Oct 2015) confir...

7.2CVSS7.7AI score0.00422EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.99 views

CVE-2008-2602

CVE-2008-2602 is an Oracle Database Data Pump vulnerability affecting 10.1.0.5, 10.2.0.4, and 11.1.0.6. The issue involves remote authenticated access via the IMP_FULL_DATABASE role. The impact is not specified in the CVE description. The issue is listed in the July 2008 Critical Patch Update (CP...

4.6CVSS5.5AI score0.01169EPSS
Total number of security vulnerabilities516