516 matches found
CVE-2008-2592
CVE-2008-2592 affects Oracle Database Advanced Replication (SYS.DBMS_DEFER_SYS.DELETE_TRAN) across 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6. The issue is a SQL injection claim targeting DELETE_TRAN; Oracle CPU July 2008 provides the patch. Exploitation is described as remot...
CVE-2011-0811
CVE-2011-0811 affects Oracle Database Server (10.1.0.5, 10.2.0.3, 10.2.0.4) and Oracle Enterprise Manager Grid Control (10.1.0.6, 10.2.0.5) via the Enterprise Config Management component. The vulnerability allegedly allows local users to affect confidentiality through unknown vectors. Connected s...
CVE-2015-4794
CVE-2015-4794 affects Oracle Database Server Java VM in versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability involves the Java VM component and allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The provided documents do not speci...
CVE-2018-3110
CVE-2018-3110 affects Oracle Database Server’s Java VM component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, and 18. An attacker with Create Session privilege and network access via Oracle Net can remotely exploit to take over the Java VM; impact may extend to other products. CVSSv3 base sc...
CVE-2006-1884
Technical details for CVE-2006-1884 are not publicly available in the provided documents. No affected product/version, impact, or remediation is described here. Monitor for updates from official advisories and vulnerability databases.
CVE-2021-1993
CVE-2021-1993 affects Oracle Database Server’s Java VM component. Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. An attacker with Create Session via Oracle Net and low privileges, requiring user interaction, can impact data integrity by compromising Java VM. CVSSv3.1 base score 4.8 (I), vector ...
CVE-2002-0843
CVE-2002-0843 affects Apache httpd’s ApacheBench benchmark tool (ab.c). The description specifies buffer overflows in ab.c that occur in Apache before 1.3.27 and in Apache 2.x before 2.0.43. A malicious web server can trigger a long response to cause a denial of service and potentially execute ar...
CVE-2008-2604
CVE-2008-2604 is an Oracle Database 11.1.0.6 vulnerability in the Authentication component over Oracle Net. The Oracle CPU July 2008 Risk Matrix lists CVE-2008-2604 under Authentication (Network) with a base CVSS v2 score of 5.5 (Partial confidentiality/integrity/availability impact) and notes th...
CVE-2009-1021
CVE-2009-1021 affects Oracle Database Advanced Replication (REPCAT_RPC.VALIDATE_REMOTE_RC) and can be exploited by remote authenticated users to impact confidentiality and integrity. Affected versions include Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability arises fro...
CVE-2012-3137
CVE-2012-3137 affects Oracle Database Server (10.2.x, 11.1.x, 11.2.x series). The issue is a flaw in the O5LOGIN authentication protocol that lets remote attackers obtain the session key and salt for arbitrary users, leaking information about the password hash and enabling brute-force password gu...
CVE-2011-2257
CVE-2011-2257 is described as an unspecified vulnerability in the Database Target Type Menus component of Oracle Database Server (versions 10.1.0.5, 10.2.0.x, 11.1.0.x, 11.2.0.x) and Oracle Enterprise Manager Grid Control (10.1.0.6, 10.2.0.5, 11.1.0.1). The reports state that remote attackers can...
CVE-2011-0870
CVE-2011-0870 affects Oracle Database Server and Oracle Enterprise Manager Grid Control in specific older releases (Database Server 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1/2; EM Grid Control 10.1.0.6 and 10.2.0.5). The vulnerability is described as an unspecified issue in the Schema Management...
CVE-2009-1966
CVE-2009-1966 affects Oracle Enterprise Manager 10.2.0.4 (and Oracle Database 11.1.0.7) in the Config Management component. The vulnerability is described as an unspecified issue that allows remote, authenticated users to affect confidentiality and integrity via unknown vectors; the Oracle CPU Ju...
CVE-2011-0792
CVE-2011-0792 affects Oracle Warehouse Builder (OWB) in Oracle Database Server 10.2.0.5 and 11.1.0.7. The vulnerability is a PL/SQL injection in OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID, which can let an attacker with OWBREPOS_OWNER rights escalate privileges and potentially access the OS. This is ...
CVE-2011-2239
CVE-2011-2239 refers to an unspecified vulnerability in Oracle Database Server Core RDBMS component affecting versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.1/11.2.0.2, related to XMLSEQ_IMP_T. The NVD summary states remote authenticated users could impact confidentiality, integrity, and ava...
CVE-2016-0499
CVE-2016-0499 affects Oracle Database Server’s Java VM component in 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors; exploitation details are not provided in the included documents. No...
CVE-2009-1969
CVE-2009-1969 is an Oracle Database vulnerability in the Auditing component affecting 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. The issue allows remote authenticated users to affect confidentiality via unknown vectors. The connected documents confirm affected products/versions and the...
CVE-2011-0831
Oracle CVE-2011-0831 affects Oracle Database Server versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1/2 and Oracle Enterprise Manager Grid Control 10.1.0.6/10.2.0.5. Description: Unspecified vulnerability in the Enterprise Config Management component allows remote authenticated users to affect ...
CVE-2021-35576
CVE-2021-35576 is a vulnerability in Oracle Database Server's Unified Audit component affecting 12.1.0.2, 12.2.0.1 and 19c. It allows a high-privileged attacker with Local Logon and network access via Oracle Net to compromise the Unified Audit data, potentially enabling unauthorized update/insert...
CVE-2004-1371
CVE-2004-1371 describes a stack-based buffer overflow in Oracle 9i/10g that allows remote attackers to execute arbitrary code by sending a long token in the text of a wrapped procedure. The vulnerability affects Oracle’s database/server components and can enable remote code execution with the att...
CVE-2009-1973
CVE-2009-1973 affects Oracle Database VPD (Virtual Private Database) in 10.1.0.5, 10.2.0.4, and 11.1.0.7. The vulnerability allows remote authenticated users to affect confidentiality and integrity by abusing VPD policies. Oracle’s July 2009 CPU fixes this issue, with patches available for the af...
CVE-2011-0877
The CVE-2011-0877 entry concerns an unspecified vulnerability in Oracle’s Instance Management component affecting Oracle Database Server versions 10.1.0.5, 10.2.0.3, 10.2.0.4 and Oracle Enterprise Manager Grid Control 10.1.0.6. The issue is described as allowing remote attackers to affect integri...
CVE-2011-0881
CVE-2011-0881 affects the EMCTL component of Oracle Database Server (versions 10.2.0.3/10.2.0.4/11.1.0.7) and Oracle Enterprise Manager Grid Control 10.1.0.6. The vulnerability is described as unspecified with remote impact to integrity via unknown vectors. The NVD entry lists a CVSS v2 base scor...
CVE-2019-2518
The CVE-2019-2518 entry concerns Oracle Database Server’s Java VM component. Affected are Oracle versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability is described as difficult to exploit and allows a low-privileged attacker with Create Session and Create Procedure privileges, ov...
CVE-2007-0275
CVE-2007-0275 is a documented cross-site scripting (XSS) vulnerability in the Oracle Reports Web Cartridge (RWCGI60) within the Workflow Cartridge component. The issue allows remote authenticated users to inject arbitrary HTML or web script by supplying a crafted value to the genuser parameter of...
CVE-2009-1020
CVE-2009-1020 affects Oracle Database components’ Network Foundation (Oracle Net). The vulnerability is listed under the Oracle July 2009 CPU with a base CVSS v2 score of 9.0 (HIGH). Affected products/versions include Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. The risk ...
CVE-2020-2510
CVE-2020-2510 affects the Oracle Database Server Core RDBMS component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows an unauthenticated attacker with network access via OracleNet to compromise the Core RDBMS and potentially take over the system. Exploi...
CVE-2008-2591
CVE-2008-2591 affects Oracle Database Vault (Oracle Database 9.2.0.8DV, 10.2.0.3, 11.1.0.6). The issue is listed in Oracle’s July 2008 CPU and tied to the Database Vault component, with remote authenticated attack vectors and partial impact on confidentiality, integrity, and availability. The CPU...
CVE-2010-3590
CVE-2010-3590 affects the Oracle Spatial component in Oracle Database Server versions 10.2.0.4, 11.1.0.7, and 11.2.0.1. The issue, tied to MDSYS, permits remote authenticated users to impact confidentiality and integrity. Connected sources note this CVE is among the Oracle January 2011 CPU fixes;...
CVE-2011-2253
CVE-2011-2253 relates to an unspecified vulnerability in the Oracle Database Server Core RDBMS component (Oracle DB Server 10.2.0.3–11.2.0.2) that allows remote authenticated users to affect confidentiality, integrity, and availability, with impact linked to SYSDBA. The vulnerability is documente...
CVE-2020-2735
CVE-2020-2735 is a vulnerability in the Java VM component of Oracle Database Server. Affected Oracle versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is difficult to exploit but can be triggered by a low-privileged attacker with Create Session privilege and network access via Or...
CVE-2008-1819
CVE-2008-1819 concerns an unspecified vulnerability in the Oracle Net Services component of Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 (DB09). The connected sources confirm the affected product area as Oracle Database with Net Services, but do not provide concrete details on root cause, expl...
CVE-2008-2613
CVE-2008-2613 affects Oracle Database 10.2.0.4 and 11.1.0.6, via the Database Scheduler: local, unprivileged user can exploit an untrusted library path (libclntsh.so or libnnz10.so) to gain privileges. Affected patches are part of the July 2008 CPU; remediation is to apply the CPU fixes (10.2.0.4...
CVE-2009-0997
CVE-2009-0997 affects Oracle Database 11.1.0.6 (Database Vault) via an unspecified vulnerability related to DBMS_SYS_SQL that could allow remote authenticated users to affect confidentiality. The issue is addressed in Oracle’s April 2009 Critical Patch Update; apply CPU APR 2009 to mitigate.
CVE-2010-2391
CVE-2010-2391 affects Oracle Database Server Core RDBMS components in Oracle Database Server versions 10.1.0.5 and 10.2.0.3. The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality and integrity via unknown vectors. The CVSS data from the refer...
CVE-2011-0785
CVE-2011-0785 affects Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5, 10.1.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...
CVE-2015-4796
Technical details for CVE-2015-4796 are not publicly provided in the supplied documents. No concrete affected product/version, root cause, impact, or remediation is specified here. Monitor updates from vendors and security advisories for new information.
CVE-2024-21126
CVE-2024-21126 affects Oracle Database Server’s portable clusterware component. The issue stems from insufficient input validation in Oracle Database Portable Clusterware, allowing an unauthenticated attacker with network access via DNS to compromise the component and potentially cause a partial ...
CVE-2007-2108
CVE-2007-2108 affects Oracle Database Core RDBMS on Windows (versions 9.0.1.5, 9.2.0.8, 10.1.0.5, 10.2.0.2). Remote attackers may gain privileges due to NTLM SSPI AcceptSecurityContext granting privileges based on username while all users appear as Guest. No exploit details provided in the source...
CVE-2008-0349
Technical details for CVE-2008-0349 are not publicly provided in the supplied documents; information about affected versions, root cause, impact, and remediation is not disclosed here. Monitor for updates.
CVE-2008-1818
Technical details for CVE-2008-1818 are not publicly provided in the supplied documents. Available records only describe an unspecified authentication vulnerability in Oracle Database 11.1.0.6 with unknown impact. Monitor for updates from official advisories.
CVE-2008-2600
CVE-2008-2600 is an Oracle Database vulnerability affecting the Oracle Spatial component (MDSYS.SDO_TOPO_MAP) on 10.1.0.5, 10.2.0.3, and 11.1.0.6. The description indicates an unspecified impact with remote authenticated attack vectors. The CVSSv2 base score reported is 6.5 (Medium) with network ...
CVE-2009-0987
CVE-2009-0987 affects Oracle Database: Upgrade component in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3. The vulnerability allows remote authenticated users to affect confidentiality and integrity via unknown vectors, with the vulnerability listed in the July 2009 CPU. The Oracle risk matr...
CVE-2009-1967
CVE-2009-1967 affects Oracle Enterprise Manager (Config Management) on Oracle Database 11.1.0.7 and Oracle Enterprise Manager 10.2.0.4. The vulnerability, described as an unspecified issue, allows a remote attacker with a valid session to affect confidentiality and integrity via an unknown vector...
CVE-2010-0900
CVE-2010-0900 involves the Network Layer component (Oracle Net) in Oracle Database Server on Windows (versions 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1). The vulnerability allows remote attackers to affect availability via unknown vectors and is listed in the Oracle July 2010 CPU advisory ...
CVE-2010-2390
CVE-2010-2390 describes a buffer overflow in the Oracle Enterprise Manager Grid Control EM Console component when processing overly long HTTP requests. The vulnerability affects Oracle Database Server 10.1.0.5/10.2.0.3, Oracle Fusion Middleware 10.1.2.3/10.1.4.3, and Enterprise Manager Grid Contr...
CVE-2011-0832
CVE-2011-0832 affects Oracle Database Server (Core RDBMS) versions 11.1.0.7, 11.2.0.1, and 11.2.0.2. The vulnerability is described as unspecified with unknown vectors, allowing remote authenticated users to impact confidentiality, integrity, and availability. No concrete root cause, exploit deta...
CVE-2013-1534
The CVE-2013-1534 issue affects Oracle Database Server (11.2.0.2/11.2.0.3) Workload Manager when used in RAC setups. The root cause is a vulnerability in the Workload Manager component that could let remote attackers affect confidentiality, integrity, and availability via unknown vectors. Documen...
CVE-2015-4873
CVE-2015-4873 affects Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, with vulnerability in the Database Scheduler component that allows local users to impact confidentiality, integrity, and availability via unknown vectors. The cited sources (NVD/SUSE/OpenVAS/Oracle CPU Oct 2015) confir...
CVE-2008-2602
CVE-2008-2602 is an Oracle Database Data Pump vulnerability affecting 10.1.0.5, 10.2.0.4, and 11.1.0.6. The issue involves remote authenticated access via the IMP_FULL_DATABASE role. The impact is not specified in the CVE description. The issue is listed in the July 2008 Critical Patch Update (CP...