516 matches found
CVE-2011-2243
CVE-2011-2243 affects Oracle Database Server Core RDBMS Component (versions 11.1.0.7.3, 11.2.0.1, 11.2.0.2). The issue is described as an unspecified vulnerability that allows remote authenticated users to affect integrity, related to SYSDBA. The provided documents do not include concrete root-ca...
CVE-2011-2244
CVE-2011-2244 affects Oracle Database Server versions 10.1.0.5, 10.2.x, 11.1.x, 11.2.x and Enterprise Manager Grid Control 10.1.x–11.1.x, as well as related components. The vulnerability is described as unspecified in the Security Framework component, with impact on confidentiality and integrity ...
CVE-2019-2517
CVE-2019-2517 affects Oracle Database Server’s Core RDBMS component (versions 12.2.0.1 and 18c). The vulnerability can be exploited remotely via Oracle Net by a high-privileged attacker with DBFS_ROLE to compromise the Core RDBMS, potentially taking over the component and impacting related produc...
CVE-2020-2512
CVE-2020-2512 is a vulnerability in the Database Gateway for ODBC component of Oracle Database Server . Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. An unauthenticated attacker with network access via OracleNet can trigger a hang or frequently repeatable crash (complete DoS) o...
CVE-2021-2234
CVE-2021-2234 affects Oracle Database Server (Java VM component). Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privilege user with Create Session and network access via Oracle Net to compromise the Java VM, with potential for unauthorized creation/deletion/modification of da...
CVE-2008-1821
CVE-2008-1821 affects Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 in the Advanced Queuing (AQ) component, related to SYS.DBMS_AQJMS_INTERNAL (DB15). The available description in the provided documents indicates an unspecified vulnerability with unknown impact and remote attack vectors, and mention...
CVE-2008-2590
Oracle’s CVE-2008-2590 affects Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 in the Instance Management component. The vulnerability is described as unspecified with unknown impact and requires a valid HTTP session, i.e., it is network-exposed but not openly exploit-able without authen...
CVE-2010-4421
CVE-2010-4421 concerns Oracle Database Server’s Database Vault component (versions 10.2.0.3–11.2.0.1). The connected ThreatPost coverage notes it is remotely exploitable over HTTP without authentication, allowing impacts to confidentiality, integrity, and availability. The CVE is addressed in Ora...
CVE-2011-2240
CVE-2011-2240 affects Oracle Database Server 10.1.0.5, specifically the Oracle Universal Installer component. The vulnerability is described as unspecified and allows local users to affect confidentiality via unknown vectors; no exploit details are provided in the documents. Public references poi...
CVE-2024-21058
CVE-2024-21058 affects Oracle Database Server’s Unified Audit component. Affected: Oracle Database Server versions 19.3–19.22 and 21.3–21.13 . Root cause described as insufficient input validation in the Unified Audit path (per connected PT Security entry). A highly privileged attacker with SYSDB...
CVE-2011-0838
Technical details about CVE-2011-0838 are not publicly provided in the provided documents; monitor for updates.
CVE-2011-2231
CVE-2011-2231 affects Oracle Database Server components (versions 10.1.0.5, 10.2.0.3/4/5, 11.1.0.7, 11.2.0.1) and Oracle Fusion Middleware 10.1.3.5. The XML Developer Kit component harbors an unspecified vulnerability that could allow remote attackers to impact availability via unknown vectors. T...
CVE-2011-3525
Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2011-3525. The Nessus entry for Oracle APEX CVE-2011-3525 describes an unspecified vulnerability in the APEX component that affects Oracle Database Server versions 3.2 and 4.0, allowing remote authenticated users to im...
CVE-2020-2517
CVE-2020-2517 affects Oracle Database Server (Database Gateway for ODBC). A high-privilege attacker with Create Procedure and Create Database Link privileges over OracleNet can compromise the gateway, enabling unauthorized updates/inserts/deletes and a partial denial of service. Affected versions...
CVE-2008-0345
CVE-2008-0345 : The Connected documents confirm an unspecified vulnerability in the Core RDBMS component of Oracle Database 11.1.0.6. The description provides no detail on the exact affected sub-component, root cause, impact, or exploitation method, only stating “unknown impact” and “remote attac...
CVE-2011-0875
Oracle Database Server EMCTL Component Unspecified Vulnerability (CVE-2011-0875) affects EMCTL in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1. Root cause is an unspecified vulnerability allowing remote authenticated users to affect c...
CVE-2014-6546
CVE-2014-6546 affects Oracle Database Server’s JPublisher component across versions 11.1.0.7, 11.2.0.3/4, and 12.1.0.1/2. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The connected sources corroborate the affected ...
CVE-2008-0346
Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.
CVE-2008-1816
CVE-2008-1816 concerns Oracle Database 10.1.0.5 and 10.2.0.3 with multiple unspecified vulnerabilities, involving the Spatial component (SDO_UTIL, DB05) and the Audit component (fine-grained auditing, DB14). The documented impact is unknown and remote authenticated attack vectors are noted; Oracl...
CVE-2008-2611
CVE-2008-2611 affects Oracle Database Core RDBMS (Oracle Net) and is tracked across multiple database releases: 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6. The vulnerability is in the Core RDBMS component with remote authentication required and no remote exploit without a...
CVE-2010-2412
CVE-2010-2412 is an OLAP-component vulnerability in Oracle Database Server 11.1.0.7. It requires authentication and is exploitable over the network to affect confidentiality and integrity; there is no reported impact on availability. The Nessus/CPU documentation associates this CVE with the OLAP ...
CVE-2014-6455
CVE-2014-6455 describes an unspecified vulnerability in the SQLJ component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Connected sources c...
CVE-2007-3854
CVE-2007-3854 affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The entry documents multiple unspecified vulnerabilities allowing remote authenticated users to impact system via two components: the Advanced Queuing component (DB02) and the Spatial component (DB12). The description notes th...
CVE-2008-2608
CVE-2008-2608 affects Oracle Database 10.1.0.5 and 10.2.0.3 Data Pump, involving SYS.KUPF$FILE_INT. The vulnerability is exploitable via Oracle Net with Execute on SYS.KUPF$FILE_INT and requires authentication; impact is tied to availability (per CVSS data: Network, Low complexity, Single auth, P...
CVE-2015-0373
CVE-2015-0373 is an unspecified vulnerability in the Oracle Database Server OJVM component affecting Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue allows remote authenticated users to impact confidentiality, integrity, and availability via unknown...
CVE-2018-2680
Oracle Database Server Java VM component vulnerability (CVE-2018-2680) affects 11.2.0.4, 12.1.0.2 and 12.2.0.1. The issue is described as a vulnerability in the Java VM that can be exploited by an unauthenticated attacker with network access via multiple protocols; however, successful exploitatio...
CVE-2008-0347
CVE-2008-0347 concerns an unspecified vulnerability in the Oracle Ultra Search component of Oracle Collaboration Suite 10.1.2, and in related Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and Application Server 9.0.4.3 and 10.1.2.0.2. The issue is described as having unknown impact and local attack vecto...
CVE-2014-6560
The CVE-2014-6560 entry describes an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. It allows remote authenticated users to affect confidentiality, integrity, and availability, via unknown vectors, and is...
CVE-2024-21066
CVE-2024-21066 affects Oracle Database Server RDBMS component. Affected versions are 19.3–19.22 and 21.3–21.13. The issue allows a high-privileged, authenticated user with logon access to compromise the RDBMS, with human interaction required. Exploitation is described as feasible by an authentica...
CVE-2024-21174
CVE-2024-21174 affects Oracle Database Server's Java VM component across 19.3–19.23, 21.3–21.14, and 23.4. The root cause is improper resource clearance/release in the Java VM, allowing a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net...
CVE-2026-46833
CVE-2026-46833 : Vulnerability in the Net Service component of Oracle Database Server. Affects supported versions 23.4.0–23.26.2. The issue allows an unauthenticated attacker with network access via TLS to compromise Net Service, with potential scope changes to impact additional products and poss...
CVE-2014-2406
The CVE-2014-2406 entry concerns Oracle Database Server Core RDBMS, affecting Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality, integrity, and availability via u...
CVE-2015-2599
CVE-2015-2599 affects Oracle Database Server (RDBMS Scheduler component). Affected versions include 11.1.0.7, 11.2.0.3/11.2.0.4, 12.1.0.1/12.1.0.2. The vulnerability allows remote authenticated users to affect confidentiality via unknown vectors. NVD notes a Network attack vector with Low complex...
CVE-2022-21606
CVE-2022-21606 affects Oracle Database Server 19c, specifically the Oracle Services for Microsoft Transaction Server component on Windows. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Transaction Server component; exploitation requires human ...
CVE-2010-2407
CVE-2010-2407 affects Oracle Database Server (XDK component) in 10.1.0.5, 10.2.0.4 and 11.1.0.7. The vulnerability allows remote attackers to affect integrity via unknown vectors over the network (CVSS v2 base 4.3, MEDIUM). Oracle’s October 2010 CPU includes fixes for this and related issues; rem...
CVE-2014-6538
Technical details about CVE-2014-6538 are not publicly provided in the supplied documents; no concrete affected product, vulnerability type, impact or fix information is disclosed here. Monitor for updates.
CVE-2015-0468
CVE-2015-0468 affects Oracle Database Server’s Core RDBMS component (versions 11.1.0.7, 11.2.0.3, 12.1.0.1). The vulnerability allows remote, authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Public references describe an unspecified vulnerability in ...
CVE-2017-3240
CVE-2017-3240 is tied to the Oracle Database Server, specifically the RDBMS Security component. The vulnerability affects at least version 12.1.0.2 and, as described in the provided documents, enables a low-privileged, locally authenticated attacker to access (read) a subset of data within RDBMS ...
CVE-2019-2571
CVE-2019-2571 affects Oracle Database Server’s RDBMS DataPump component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The issue, described as a high-privilege DBA-authenticated vulnerability exploitable over Oracle Net, can lead to takeover of the DataPump component. Root cause det...
CVE-2008-0343
CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...
CVE-2017-10282
CVE-2017-10282 affects Oracle Database Server’s Core RDBMS component. Affected versions are 12.1.0.2 and 12.2.0.1. An attacker with Create Session and Execute Catalog Role privileges and network access via Oracle Net can compromise the Core RDBMS, with potential takeover and impacts to confidenti...
CVE-2001-0833
Oracle 8.0.x–9.0.1 contains a buffer overflow in otrcrep that allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. Root cause is a buffer overflow in otrcrep; impact is local code execution with complete confidentiality, integrity, and availability implication...
CVE-2008-6065
Oracle Database Server 10.1/10.2/11g vulnerability: GRANTs for CREATE ANY DIRECTORY plus CREATE OR REPLACE DIRECTORY aliasing allow remote authenticated users to abuse aliased pathnames to overwrite the password file via UTL_FILE, potentially elevating to SYSDBA. Root cause is directory permissio...
CVE-2014-4296
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2015-4888
CVE-2015-4888 affects Oracle Database Server components (Java VM) on versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue is described as an unspecified vulnerability in the Java VM component that allows remote authenticated users to impact confidentiality, integrity, and availability via unknown...
CVE-2021-2332
CVE-2021-2332 affects Oracle Database Server’s LogMiner component (affected 12.1.0.2, 12.2.0.1, 19c). An authenticated, high-privilege DBA attacker with Oracle Net access can compromise data integrity, confidentiality and availability, including unauthorized data modification/deletion, read acces...
CVE-2023-22052
CVE-2023-22052 affects Oracle Database Server under the Java VM component. Affected versions are 19.3–19.19 and 21.3–21.10. The issue arises from insufficient input validation in the Java VM, enabling a low-privileged attacker with Create Session and Create Procedure privileges (and network acces...
CVE-2005-0701
Oracle Database Server 8i/9i is affected by a directory traversal vulnerability in the UTL_FILE package (FOPEN, FRENAME) that allows remote attackers to read or rename arbitrary files via crafted ... sequences. The issue stems from insufficient input validation on file-path arguments to UTL_FILE...
CVE-2014-4289
Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) JDBC component vulnerability (CVE-2014-4289) allows remote authenticated users to affect confidentiality and integrity via unknown vectors, per NVD entry. Connected sources corroborate the JDBC-focused issue and reference re...
CVE-2014-6483
CVE-2014-6483 affects the Oracle Database Server, specifically the Application Express component, prior to version 4.2.6. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. No exploitation details or fixed version are pr...