Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2011/07/20 11:0 p.m.91 views

CVE-2011-2243

CVE-2011-2243 affects Oracle Database Server Core RDBMS Component (versions 11.1.0.7.3, 11.2.0.1, 11.2.0.2). The issue is described as an unspecified vulnerability that allows remote authenticated users to affect integrity, related to SYSDBA. The provided documents do not include concrete root-ca...

3.5CVSS5.8AI score0.00769EPSS
CVE
CVE
added 2011/07/20 11:0 p.m.91 views

CVE-2011-2244

CVE-2011-2244 affects Oracle Database Server versions 10.1.0.5, 10.2.x, 11.1.x, 11.2.x and Enterprise Manager Grid Control 10.1.x–11.1.x, as well as related components. The vulnerability is described as unspecified in the Security Framework component, with impact on confidentiality and integrity ...

6.4CVSS5.7AI score0.01936EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.91 views

CVE-2019-2517

CVE-2019-2517 affects Oracle Database Server’s Core RDBMS component (versions 12.2.0.1 and 18c). The vulnerability can be exploited remotely via Oracle Net by a high-privileged attacker with DBFS_ROLE to compromise the Core RDBMS, potentially taking over the component and impacting related produc...

9.1CVSS8.2AI score0.01713EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.91 views

CVE-2020-2512

CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...

5.9CVSS5.7AI score0.01466EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.90 views

CVE-2021-2234

CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...

5.3CVSS4.7AI score0.00789EPSS
CVE
CVE
added 2008/04/16 10:0 a.m.89 views

CVE-2008-1821

CVE-2008-1821 affects Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 in the Advanced Queuing (AQ) component, related to SYS.DBMS_AQJMS_INTERNAL (DB15). The available description in the provided documents indicates an unspecified vulnerability with unknown impact and remote attack vectors, and mention...

9CVSS6AI score0.02896EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.89 views

CVE-2008-2590

Oracle’s CVE-2008-2590 affects Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 in the Instance Management component. The vulnerability is described as unspecified with unknown impact and requires a valid HTTP session, i.e., it is network-exposed but not openly exploit-able without authen...

3.5CVSS5.7AI score0.01084EPSS
CVE
CVE
added 2011/01/19 3:0 p.m.89 views

CVE-2010-4421

CVE-2010-4421 concerns Oracle Database Server’s Database Vault component (versions 10.2.0.3–11.2.0.1). The connected ThreatPost coverage notes it is remotely exploitable over HTTP without authentication, allowing impacts to confidentiality, integrity, and availability. The CVE is addressed in Ora...

6.8CVSS6.2AI score0.0218EPSS
CVE
CVE
added 2011/07/20 11:0 p.m.89 views

CVE-2011-2240

CVE-2011-2240 affects Oracle Database Server 10.1.0.5, specifically the Oracle Universal Installer component. The vulnerability is described as unspecified and allows local users to affect confidentiality via unknown vectors; no exploit details are provided in the documents. Public references poi...

1.7CVSS5.5AI score0.00353EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.89 views

CVE-2024-21058

CVE-2024-21058 affects Oracle Database Server’s Unified Audit component. Affected: Oracle Database Server versions 19.3–19.22 and 21.3–21.13 . Root cause described as insufficient input validation in the Unified Audit path (per connected PT Security entry). A highly privileged attacker with SYSDB...

4.9CVSS6.5AI score0.00411EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.88 views

CVE-2011-0838

Technical details about CVE-2011-0838 are not publicly provided in the provided documents; monitor for updates.

6.5CVSS5.6AI score0.01646EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.88 views

CVE-2011-2231

CVE-2011-2231 affects Oracle Database Server components (versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1) and Oracle Fusion Middleware 10.1.3.5. The XML Developer Kit component harbors an unspecified vulnerability that could allow remote attackers to impact availability via unknown vectors. T...

4.3CVSS6.2AI score0.01672EPSS
CVE
CVE
added 2011/10/18 10:0 p.m.88 views

CVE-2011-3525

Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2011-3525. The Nessus entry for Oracle APEX CVE-2011-3525 describes an unspecified vulnerability in the APEX component that affects Oracle Database Server versions 3.2 and 4.0, allowing remote authenticated users to im...

6.5CVSS5.8AI score0.02462EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.88 views

CVE-2020-2517

CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...

4.9CVSS3.5AI score0.0077EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.87 views

CVE-2008-0345

CVE-2008-0345 : The Connected documents confirm an unspecified vulnerability in the Core RDBMS component of Oracle Database 11.1.0.6. The description provides no detail on the exact affected sub-component, root cause, impact, or exploitation method, only stating “unknown impact” and “remote attac...

10CVSS9AI score0.02625EPSS
CVE
CVE
added 2011/07/20 10:36 p.m.87 views

CVE-2011-0875

Oracle Database Server EMCTL Component Unspecified Vulnerability (CVE-2011-0875) affects EMCTL in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1. Root cause is an unspecified vulnerability allowing remote authenticated users to affect c...

5.5CVSS5.5AI score0.0199EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.87 views

CVE-2014-6546

CVE-2014-6546 affects Oracle Database Server’s JPublisher component across versions 11.1.0.7, 11.2.0.3/4, and 12.1.0.1/2. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The connected sources corroborate the affected ...

9CVSS5.7AI score0.01721EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.86 views

CVE-2008-0346

Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.

10CVSS8.9AI score0.02696EPSS
CVE
CVE
added 2008/04/16 10:0 a.m.86 views

CVE-2008-1816

CVE-2008-1816 concerns Oracle Database 10.1.0.5 and 10.2.0.3 with multiple unspecified vulnerabilities, involving the Spatial component (SDO_UTIL, DB05) and the Audit component (fine-grained auditing, DB14). The documented impact is unknown and remote authenticated attack vectors are noted; Oracl...

5.5CVSS6.7AI score0.01849EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.86 views

CVE-2008-2611

CVE-2008-2611 affects Oracle Database Core RDBMS (Oracle Net) and is tracked across multiple database releases: 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6. The vulnerability is in the Core RDBMS component with remote authentication required and no remote exploit without a...

4CVSS5.8AI score0.01381EPSS
CVE
CVE
added 2010/10/13 11:0 p.m.86 views

CVE-2010-2412

CVE-2010-2412 is an OLAP-component vulnerability in Oracle Database Server 11.1.0.7. It requires authentication and is exploitable over the network to affect confidentiality and integrity; there is no reported impact on availability. The Nessus/CPU documentation associates this CVE with the OLAP ...

5.5CVSS5.5AI score0.01436EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.86 views

CVE-2014-6455

CVE-2014-6455 describes an unspecified vulnerability in the SQLJ component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Connected sources c...

9CVSS5.7AI score0.01721EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.85 views

CVE-2007-3854

CVE-2007-3854 affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The entry documents multiple unspecified vulnerabilities allowing remote authenticated users to impact system via two components: the Advanced Queuing component (DB02) and the Spatial component (DB12). The description notes th...

5.5CVSS9.4AI score0.02533EPSS
CVE
CVE
added 2008/07/15 11:0 p.m.85 views

CVE-2008-2608

CVE-2008-2608 affects Oracle Database 10.1.0.5 and 10.2.0.3 Data Pump, involving SYS.KUPF$FILE_INT. The vulnerability is exploitable via Oracle Net with Execute on SYS.KUPF$FILE_INT and requires authentication; impact is tied to availability (per CVSS data: Network, Low complexity, Single auth, P...

4CVSS5.5AI score0.01381EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.85 views

CVE-2015-0373

CVE-2015-0373 is an unspecified vulnerability in the Oracle Database Server OJVM component affecting Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue allows remote authenticated users to impact confidentiality, integrity, and availability via unknown...

6.5CVSS5.7AI score0.01293EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.85 views

CVE-2018-2680

Oracle Database Server Java VM component vulnerability (CVE-2018-2680) affects 11.2.0.4, 12.1.0.2 and 12.2.0.1. The issue is described as a vulnerability in the Java VM that can be exploited by an unauthenticated attacker with network access via multiple protocols; however, successful exploitatio...

8.3CVSS8.1AI score0.0169EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.84 views

CVE-2008-0347

CVE-2008-0347 concerns an unspecified vulnerability in the Oracle Ultra Search component of Oracle Collaboration Suite 10.1.2, and in related Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and Application Server 9.0.4.3 and 10.1.2.0.2. The issue is described as having unknown impact and local attack vecto...

10CVSS8.6AI score0.02696EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.84 views

CVE-2014-6560

The CVE-2014-6560 entry describes an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. It allows remote authenticated users to affect confidentiality, integrity, and availability, via unknown vectors, and is...

9CVSS5.7AI score0.02457EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.84 views

CVE-2024-21066

CVE-2024-21066 affects Oracle Database Server RDBMS component. Affected versions are 19.3–19.22 and 21.3–21.13. The issue allows a high-privileged, authenticated user with logon access to compromise the RDBMS, with human interaction required. Exploitation is described as feasible by an authentica...

4.2CVSS5.3AI score0.0025EPSS
CVE
CVE
added 2024/07/16 10:40 p.m.84 views

CVE-2024-21174

CVE-2024-21174 affects Oracle Database Server's Java VM component across 19.3–19.23, 21.3–21.14, and 23.4. The root cause is improper resource clearance/release in the Java VM, allowing a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net...

3.1CVSS2.6AI score0.00318EPSS
CVE
CVE
added 2026/05/28 8:17 p.m.84 views

CVE-2026-46833

CVE-2026-46833 : Vulnerability in the Net Service component of Oracle Database Server. Affects supported versions 23.4.0–23.26.2. The issue allows an unauthenticated attacker with network access via TLS to compromise Net Service, with potential scope changes to impact additional products and poss...

9CVSS5.8AI score0.00328EPSS
CVE
CVE
added 2014/04/16 1:0 a.m.83 views

CVE-2014-2406

The CVE-2014-2406 entry concerns Oracle Database Server Core RDBMS, affecting Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality, integrity, and availability via u...

8.5CVSS5.6AI score0.02171EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.83 views

CVE-2015-2599

CVE-2015-2599 affects Oracle Database Server (RDBMS Scheduler component). Affected versions include 11.1.0.7, 11.2.0.3/11.2.0.4, 12.1.0.1/12.1.0.2. The vulnerability allows remote authenticated users to affect confidentiality via unknown vectors. NVD notes a Network attack vector with Low complex...

4CVSS5.5AI score0.01729EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.83 views

CVE-2022-21606

CVE-2022-21606 affects Oracle Database Server 19c, specifically the Oracle Services for Microsoft Transaction Server component on Windows. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Transaction Server component; exploitation requires human ...

6.1CVSS5.9AI score0.00456EPSS
CVE
CVE
added 2010/10/13 10:0 p.m.82 views

CVE-2010-2407

CVE-2010-2407 affects Oracle Database Server (XDK component) in 10.1.0.5, 10.2.0.4 and 11.1.0.7. The vulnerability allows remote attackers to affect integrity via unknown vectors over the network (CVSS v2 base 4.3, MEDIUM). Oracle’s October 2010 CPU includes fixes for this and related issues; rem...

4.3CVSS6.1AI score0.01538EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.82 views

CVE-2014-6538

Technical details about CVE-2014-6538 are not publicly provided in the supplied documents; no concrete affected product, vulnerability type, impact or fix information is disclosed here. Monitor for updates.

4CVSS5.5AI score0.01454EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.82 views

CVE-2015-0468

CVE-2015-0468 affects Oracle Database Server’s Core RDBMS component (versions 11.1.0.7, 11.2.0.3, 12.1.0.1). The vulnerability allows remote, authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Public references describe an unspecified vulnerability in ...

6CVSS5.7AI score0.01686EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.82 views

CVE-2017-3240

CVE-2017-3240 is tied to the Oracle Database Server, specifically the RDBMS Security component. The vulnerability affects at least version 12.1.0.2 and, as described in the provided documents, enables a low-privileged, locally authenticated attacker to access (read) a subset of data within RDBMS ...

3.3CVSS3.7AI score0.00389EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.82 views

CVE-2019-2571

CVE-2019-2571 affects Oracle Database Server’s RDBMS DataPump component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The issue, described as a high-privilege DBA-authenticated vulnerability exploitable over Oracle Net, can lead to takeover of the DataPump component. Root cause det...

6.6CVSS6.7AI score0.0115EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.81 views

CVE-2008-0343

CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...

10CVSS8.9AI score0.02625EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.81 views

CVE-2017-10282

CVE-2017-10282 affects Oracle Database Server’s Core RDBMS component. Affected versions are 12.1.0.2 and 12.2.0.1. An attacker with Create Session and Execute Catalog Role privileges and network access via Oracle Net can compromise the Core RDBMS, with potential takeover and impacts to confidenti...

9.1CVSS8.3AI score0.01747EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.80 views

CVE-2001-0833

Oracle 8.0.x–9.0.1 contains a buffer overflow in otrcrep that allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. Root cause is a buffer overflow in otrcrep; impact is local code execution with complete confidentiality, integrity, and availability implication...

7.2CVSS7.4AI score0.02146EPSS
CVE
CVE
added 2009/02/05 2:0 a.m.80 views

CVE-2008-6065

Oracle Database Server 10.1/10.2/11g vulnerability: GRANTs for CREATE ANY DIRECTORY plus CREATE OR REPLACE DIRECTORY aliasing allow remote authenticated users to abuse aliased pathnames to overwrite the password file via UTL_FILE, potentially elevating to SYSDBA. Root cause is directory permissio...

5.1CVSS6.9AI score0.02198EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.80 views

CVE-2014-4296

Technical details are not publicly available in the provided documents. Monitor for updates.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.80 views

CVE-2015-4888

CVE-2015-4888 affects Oracle Database Server components (Java VM) on versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue is described as an unspecified vulnerability in the Java VM component that allows remote authenticated users to impact confidentiality, integrity, and availability via unknown...

6.5CVSS8AI score0.01724EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.80 views

CVE-2021-2332

CVE-2021-2332 affects Oracle Database Server’s LogMiner component (affected 12.1.0.2, 12.2.0.1, 19c). An authenticated, high-privilege DBA attacker with Oracle Net access can compromise data integrity, confidentiality and availability, including unauthorized data modification/deletion, read acces...

6.7CVSS6.3AI score0.00856EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.80 views

CVE-2023-22052

CVE-2023-22052 affects Oracle Database Server under the Java VM component. Affected versions are 19.3–19.19 and 21.3–21.10. The issue arises from insufficient input validation in the Java VM, enabling a low-privileged attacker with Create Session and Create Procedure privileges (and network acces...

3.1CVSS2.5AI score0.00346EPSS
CVE
CVE
added 2005/03/09 5:0 a.m.79 views

CVE-2005-0701

Oracle Database Server 8i/9i is affected by a directory traversal vulnerability in the UTL_FILE package (FOPEN, FRENAME) that allows remote attackers to read or rename arbitrary files via crafted ... sequences. The issue stems from insufficient input validation on file-path arguments to UTL_FILE...

5CVSS6.2AI score0.18145EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.79 views

CVE-2014-4289

Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) JDBC component vulnerability (CVE-2014-4289) allows remote authenticated users to affect confidentiality and integrity via unknown vectors, per NVD entry. Connected sources corroborate the JDBC-focused issue and reference re...

3.6CVSS5.6AI score0.01187EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.79 views

CVE-2014-6483

CVE-2014-6483 affects the Oracle Database Server, specifically the Application Express component, prior to version 4.2.6. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. No exploitation details or fixed version are pr...

6CVSS5.7AI score0.00966EPSS
Total number of security vulnerabilities516