516 matches found
CVE-2006-0256
CVE-2006-0256 affects Oracle Database Server in multiple versions (e.g., 8.1.7.x, 9.2.x, 10g) with an unspecified impact in the CVE record. Connected sources describe a login-time SQL injection vulnerability in the Oracle DBMS login/authentication flow (AUTH_ALTER_SESSION) that could enable remot...
CVE-2014-4289
Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) JDBC component vulnerability (CVE-2014-4289) allows remote authenticated users to affect confidentiality and integrity via unknown vectors, per NVD entry. Connected sources corroborate the JDBC-focused issue and reference re...
CVE-2014-6483
CVE-2014-6483 affects the Oracle Database Server, specifically the Application Express component, prior to version 4.2.6. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. No exploitation details or fixed version are pr...
CVE-2015-0483
CVE-2015-0483 affects Oracle Database Server Core RDBMS components (versions 11.1.0.7, 11.2.0.3/11.2.0.4, 12.1.0.1/12.1.0.2). The description states a remote authenticated impact to integrity via unknown vectors; no concrete exploit details, affected products beyond Oracle Database Server, or rem...
CVE-2017-10120
CVE-2017-10120 affects Oracle Database Server 12.1.0.2 in the RDBMS Security component. The vulnerability allows a local attacker with Create Session and Select Any Dictionary privileges to compromise RDBMS Security, potentially enabling unauthorized update/insert/delete of some data (I: LOW; A/N...
CVE-2019-2516
The CVE-2019-2516 issue affects Oracle Database Server’s Portable Clusterware. Affected: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c. Root cause: vulnerability in Portable Clusterware that enables a high-privilege Grid Infrastructure User with local logon to compromise Portable Clusterware, potentially tak...
CVE-2020-2737
CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...
CVE-2006-3704
CVE-2006-3704 is an unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 with unknown impact and attack vectors. Connected data confirms affected component and version (Oracle ODBC Driver, Oracle DB 10.1.0.4). The Nessus entry (July 2006 CPU) lists this CVE among multi...
CVE-2010-0071
CVE-2010-0071 covers a remote memory-corruption vulnerability in Oracle Database’s TNS Listener that affects 9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. Exploitation is possible via the Oracle Net protocol, potentially impacting confidentiality, integrity, and availability. The vulnerabi...
CVE-2012-0552
CVE-2012-0552 affects the Oracle Spatial component in Oracle Database Server versions (10.2.0.3–11.2.0.3). A root cause described in one connected document is a stack-based buffer overflow that can allow a remote attacker with valid authentication to compromise confidentiality, integrity, and ava...
CVE-2012-3220
CVE-2012-3220 is a published vulnerability in Oracle Spatial/GeoRaster within Oracle Database Server (versions 10.2.0.3–11.2.0.3) that exploits a stack-based overflow in the GeoRaster API. The issue allows a remote attacker who can connect to spatially enabled Oracle databases to execute arbitrar...
CVE-2013-3760
CVE-2013-3760 affects Oracle Database Server installations with Oracle executable component on versions 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as unspecified and is exploitable by local users, impacting confidentiality, integrity, and availability via...
CVE-2015-4900
CVE-2015-4900 is an Oracle Database Server issue affecting the XDB - XML Database component in versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. ...
CVE-2020-2968
CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...
CVE-2006-2081
CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...
CVE-2014-4292
Technical details are not publicly available in the provided connected documents for CVE-2014-4292; monitor for updates.
CVE-2014-4299
Technical details about CVE-2014-4299 are not publicly provided in the supplied documents; no specifics on affected product versions, root cause, or remediation are available here. Monitor for updates.
CVE-2019-2909
CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...
CVE-2019-2954
Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...
CVE-2021-2000
CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...
CVE-2003-0727
CVE-2003-0727 refers to multiple buffer overflows in the Oracle 9i Database Release 2 XML DB (XDB) functionality. Public references describe stack/buffer overflow conditions in Oracle 9i XDB services (HTTP and FTP) that can be triggered by long inputs to XDB commands, enabling local users to caus...
CVE-2012-0510
CVE-2012-0510 affects Oracle Database Server 10.2.0.3/10.2.0.4/10.2.0.5 and 11.1.0.7, where the Core RDBMS component contains an unspecified vulnerability that allows remote attackers to impact integrity and availability via unknown vectors. Multiple connected sources reiterate the issue as an un...
CVE-2014-0378
CVE-2014-0378 affects Oracle Database Server’s Spatial component across 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, enabling local users to impact confidentiality, integrity, and availability via unknown vectors. CVSS v2 base score is 4.1 (MEDIUM), w...
CVE-2014-6578
CVE-2014-6578 affects Oracle Database Server Workspace Manager component in Oracle Database versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT....
CVE-2015-4857
CVE-2015-4857 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 (RDBMS component). The vulnerability is described as unspecified with remote authenticated access that could impact confidentiality and integrity via unknown vectors. Documented exposure is supported by multiple sources (NVD entry...
CVE-2006-0552
Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.
CVE-2007-2130
CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...
CVE-2009-1996
CVE-2009-1996 affects Oracle Database Logical Standby (Oracle Net) and is listed among Oracle’s January 2010 CPU fixes. The vulnerability allows a remote attacker (no authentication required for the exploit in some vectors) to impact integrity via unknown vectors; the CVSSv2 base score in NVD is ...
CVE-2009-3414
CVE-2009-3414 concerns Oracle Spatial in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified and allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Affected component is Oracle Spatial within the dat...
CVE-2014-4290
Technical details for CVE-2014-4290 are not publicly available in the provided documents. Monitor for updates from Oracle or security advisories.
CVE-2016-0461
CVE-2016-0461 affects Oracle Database Server XDB (XML Database) components. Affected are Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified, allowing remote authenticated users to affect availability via unknown vectors. No exploit details are p...
CVE-2016-3562
Oracle Database Server (RDBMS Security and SQL*Plus components) is affected by CVE-2016-3562 in versions 11.2.0.4 and 12.1.0.2. The vulnerability is described as unspecified and allows remote administrators to affect confidentiality via vectors related to DBA. The NVD entry lists CVSSv3 impact as...
CVE-2016-5555
CVE-2016-5555 affects Oracle Database Server 11.2.0.4 and 12.1.0.2, via the OJVM component. The vulnerability allows remote administrators to impact confidentiality, integrity, and availability from unknown vectors. NVD CVSSv3 base score is 9.1 (CRITICAL); CVSSv2 is 6.5 (MEDIUM) with partial impa...
CVE-2019-2734
CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...
CVE-2019-2753
CVE-2019-2753 affects Oracle Text in Oracle Database Server for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows a low-privileged user with Create Session and network access via OracleNet to read a subset of Oracle Text data and potentially cause partial denial of service. Exploitat...
CVE-2024-20995
The CVE refers to Oracle Database Sharding in Oracle Database Server. Affected: Oracle Database Server 19.3–19.22 and 21.3–21.13. Root cause: insufficient input validation in the Oracle Database Sharding component. Impact: high-privileged DBA with network access via Oracle Net can cause partial d...
CVE-2005-1197
CVE-2005-1197 is a SQL injection vulnerability in Oracle Database Server 10g affecting the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure via the CHANGE_SET_NAME parameter. Remote attackers could potentially execute arbitrary SQL commands; impact and remediation details are not specified i...
CVE-2008-0340
CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...
CVE-2008-0344
Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.
CVE-2012-0525
CVE-2012-0525 affects Oracle Enterprise Manager Base Platform in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3 and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1. Connected documentation confirms a SQL Injection vulnerability in the Enterprise Manager web app (searchPage: /em/...
CVE-2013-3771
CVE-2013-3771 affects Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. It is an unspecified local vulnerability in the Oracle executable component that could impact confidentiality, integrity, and availability via unknown vectors. The connected docs do not provide conc...
CVE-2014-4236
CVE-2014-4236 affects Oracle Database Server 11.2.0.4 and 12.1.0.1, with an unspecified vulnerability in the RDBMS Core component. The impact is partial confidentiality, partial integrity, and partial availability. Exploitation requires remote authenticated access, and the vectors are not detaile...
CVE-2014-4310
Technical details about CVE-2014-4310 are not publicly available in the provided documents. Connected EUVD entries reference malware but do not specify affected products/versions/root cause. Monitor for updates.
CVE-2014-6454
Oracle Database Server contains an unspecified vulnerability in the SQLJ component affecting multiple versions (11.1.0.7, 11.2.0.3/4, 12.1.0.1/2). The issue allows remote authenticated users to impact confidentiality via unknown vectors. No concrete exploit or vector details are provided in the s...
CVE-2014-6477
Technical details about CVE-2014-6477 (affected Oracle JPublisher component and specific versions, impact, vectors, and fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2014-6547
Technical details are not publicly available in the provided documents. No confirmed affected products, impact, or remediation are stated. Monitor for updates.
CVE-2015-0479
CVE-2015-0479 is mapped to Oracle Database Server and is referenced in multiple sources as an unspecified vulnerability affecting the XDK/XDB XML Database component. The connected documents indicate affected software: Oracle Database Server versions 11.2.0.3, 11.2.0.4, and 12.1.0.1, with impact d...
CVE-2015-2629
CVE-2015-2629 affects Oracle Database Server’s Java VM component. The SUSE security update notes that the vulnerability allows authenticated network attackers to compromise confidentiality, integrity, and availability via multiple protocols, potentially leading to arbitrary code execution and ope...
CVE-2015-2655
Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2015-2655: a cross-site scripting vulnerability affecting all versions prior to 4.2.3.00.08. It can impact confidentiality and integrity via remote access authenticated users. The fixed version is 4.2.3.00.08. Mitigati...
CVE-2015-4753
CVE-2015-4753 affects Oracle Database Server, specifically the RDBMS Support Tools component. The linked SUSE advisory (SUSE-SU-2015:1353-1) describes a vulnerability in Oracle Update/Support Tools where a local attacker could read data and thus compromise confidentiality. This CVE is also listed...