516 matches found
CVE-2020-2968
CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...
CVE-2021-2332
CVE-2021-2332 affects Oracle Database Server’s LogMiner component (affected 12.1.0.2, 12.2.0.1, 19c). An authenticated, high-privilege DBA attacker with Oracle Net access can compromise data integrity, confidentiality and availability, including unauthorized data modification/deletion, read acces...
CVE-2023-22052
CVE-2023-22052 affects Oracle Database Server under the Java VM component. Affected versions are 19.3–19.19 and 21.3–21.10. The issue arises from insufficient input validation in the Java VM, enabling a low-privileged attacker with Create Session and Create Procedure privileges (and network acces...
CVE-2001-0833
Oracle 8.0.x–9.0.1 contains a buffer overflow in otrcrep that allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. Root cause is a buffer overflow in otrcrep; impact is local code execution with complete confidentiality, integrity, and availability implication...
CVE-2005-0701
Oracle Database Server 8i/9i is affected by a directory traversal vulnerability in the UTL_FILE package (FOPEN, FRENAME) that allows remote attackers to read or rename arbitrary files via crafted ... sequences. The issue stems from insufficient input validation on file-path arguments to UTL_FILE...
CVE-2006-0256
CVE-2006-0256 affects Oracle Database Server in multiple versions (e.g., 8.1.7.x, 9.2.x, 10g) with an unspecified impact in the CVE record. Connected sources describe a login-time SQL injection vulnerability in the Oracle DBMS login/authentication flow (AUTH_ALTER_SESSION) that could enable remot...
CVE-2014-4289
Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) JDBC component vulnerability (CVE-2014-4289) allows remote authenticated users to affect confidentiality and integrity via unknown vectors, per NVD entry. Connected sources corroborate the JDBC-focused issue and reference re...
CVE-2014-6483
CVE-2014-6483 affects the Oracle Database Server, specifically the Application Express component, prior to version 4.2.6. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. No exploitation details or fixed version are pr...
CVE-2019-2799
CVE-2019-2799 describes a heap-based buffer overflow in the Oracle Database Server’s ODBC Driver on Windows. The ZDI advisory (ZDI-19-662) notes remote code execution via parsing certain attributes in the ODBC driver; exploitation requires user interaction (visiting a malicious page or opening a ...
CVE-2021-2000
CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...
CVE-2012-0510
CVE-2012-0510 affects Oracle Database Server 10.2.0.3/10.2.0.4/10.2.0.5 and 11.1.0.7, where the Core RDBMS component contains an unspecified vulnerability that allows remote attackers to impact integrity and availability via unknown vectors. Multiple connected sources reiterate the issue as an un...
CVE-2012-3220
CVE-2012-3220 is a published vulnerability in Oracle Spatial/GeoRaster within Oracle Database Server (versions 10.2.0.3–11.2.0.3) that exploits a stack-based overflow in the GeoRaster API. The issue allows a remote attacker who can connect to spatially enabled Oracle databases to execute arbitrar...
CVE-2013-3760
CVE-2013-3760 affects Oracle Database Server installations with Oracle executable component on versions 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as unspecified and is exploitable by local users, impacting confidentiality, integrity, and availability via...
CVE-2014-4299
Technical details about CVE-2014-4299 are not publicly provided in the supplied documents; no specifics on affected product versions, root cause, or remediation are available here. Monitor for updates.
CVE-2017-10120
CVE-2017-10120 affects Oracle Database Server 12.1.0.2 in the RDBMS Security component. The vulnerability allows a local attacker with Create Session and Select Any Dictionary privileges to compromise RDBMS Security, potentially enabling unauthorized update/insert/delete of some data (I: LOW; A/N...
CVE-2019-2909
CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...
CVE-2019-2954
Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...
CVE-2020-2737
CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...
CVE-2003-0727
CVE-2003-0727 refers to multiple buffer overflows in the Oracle 9i Database Release 2 XML DB (XDB) functionality. Public references describe stack/buffer overflow conditions in Oracle 9i XDB services (HTTP and FTP) that can be triggered by long inputs to XDB commands, enabling local users to caus...
CVE-2006-2081
CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...
CVE-2010-0071
CVE-2010-0071 covers a remote memory-corruption vulnerability in Oracle Database’s TNS Listener that affects 9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. Exploitation is possible via the Oracle Net protocol, potentially impacting confidentiality, integrity, and availability. The vulnerabi...
CVE-2012-0552
CVE-2012-0552 affects the Oracle Spatial component in Oracle Database Server versions (10.2.0.3–11.2.0.3). A root cause described in one connected document is a stack-based buffer overflow that can allow a remote attacker with valid authentication to compromise confidentiality, integrity, and ava...
CVE-2014-4292
Technical details are not publicly available in the provided connected documents for CVE-2014-4292; monitor for updates.
CVE-2014-6578
CVE-2014-6578 affects Oracle Database Server Workspace Manager component in Oracle Database versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT....
CVE-2007-2130
CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...
CVE-2014-0378
CVE-2014-0378 affects Oracle Database Server’s Spatial component across 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, enabling local users to impact confidentiality, integrity, and availability via unknown vectors. CVSS v2 base score is 4.1 (MEDIUM), w...
CVE-2014-4290
Technical details for CVE-2014-4290 are not publicly available in the provided documents. Monitor for updates from Oracle or security advisories.
CVE-2015-4753
CVE-2015-4753 affects Oracle Database Server, specifically the RDBMS Support Tools component. The linked SUSE advisory (SUSE-SU-2015:1353-1) describes a vulnerability in Oracle Update/Support Tools where a local attacker could read data and thus compromise confidentiality. This CVE is also listed...
CVE-2015-4857
CVE-2015-4857 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 (RDBMS component). The vulnerability is described as unspecified with remote authenticated access that could impact confidentiality and integrity via unknown vectors. Documented exposure is supported by multiple sources (NVD entry...
CVE-2019-2753
CVE-2019-2753 affects Oracle Text in Oracle Database Server for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows a low-privileged user with Create Session and network access via OracleNet to read a subset of Oracle Text data and potentially cause partial denial of service. Exploitat...
CVE-2006-0552
Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.
CVE-2008-0340
CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...
CVE-2008-0344
Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.
CVE-2009-1996
CVE-2009-1996 affects Oracle Database Logical Standby (Oracle Net) and is listed among Oracle’s January 2010 CPU fixes. The vulnerability allows a remote attacker (no authentication required for the exploit in some vectors) to impact integrity via unknown vectors; the CVSSv2 base score in NVD is ...
CVE-2009-3414
CVE-2009-3414 concerns Oracle Spatial in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified and allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Affected component is Oracle Spatial within the dat...
CVE-2012-0525
CVE-2012-0525 affects Oracle Enterprise Manager Base Platform in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3 and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1. Connected documentation confirms a SQL Injection vulnerability in the Enterprise Manager web app (searchPage: /em/...
CVE-2014-4310
Technical details about CVE-2014-4310 are not publicly available in the provided documents. Connected EUVD entries reference malware but do not specify affected products/versions/root cause. Monitor for updates.
CVE-2015-0479
CVE-2015-0479 is mapped to Oracle Database Server and is referenced in multiple sources as an unspecified vulnerability affecting the XDK/XDB XML Database component. The connected documents indicate affected software: Oracle Database Server versions 11.2.0.3, 11.2.0.4, and 12.1.0.1, with impact d...
CVE-2016-0461
CVE-2016-0461 affects Oracle Database Server XDB (XML Database) components. Affected are Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified, allowing remote authenticated users to affect availability via unknown vectors. No exploit details are p...
CVE-2016-5555
CVE-2016-5555 affects Oracle Database Server 11.2.0.4 and 12.1.0.2, via the OJVM component. The vulnerability allows remote administrators to impact confidentiality, integrity, and availability from unknown vectors. NVD CVSSv3 base score is 9.1 (CRITICAL); CVSSv2 is 6.5 (MEDIUM) with partial impa...
CVE-2019-2734
CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...
CVE-2024-20995
The CVE refers to Oracle Database Sharding in Oracle Database Server. Affected: Oracle Database Server 19.3–19.22 and 21.3–21.13. Root cause: insufficient input validation in the Oracle Database Sharding component. Impact: high-privileged DBA with network access via Oracle Net can cause partial d...
CVE-2006-0259
Concise summary: CVE-2006-0259 relates to multiple unspecified vulnerabilities in Oracle Database Server 10.1.0.5, affecting the Data Pump component (DB04/DB06), Net Listener (DB10), and Oracle Text (DB16). The DB06 issue is alleged to be a SQL injection in specific GENERATE_JOB_NAME/GET_* and re...
CVE-2006-0282
Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.
CVE-2013-3771
CVE-2013-3771 affects Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. It is an unspecified local vulnerability in the Oracle executable component that could impact confidentiality, integrity, and availability via unknown vectors. The connected docs do not provide conc...
CVE-2014-4236
CVE-2014-4236 affects Oracle Database Server 11.2.0.4 and 12.1.0.1, with an unspecified vulnerability in the RDBMS Core component. The impact is partial confidentiality, partial integrity, and partial availability. Exploitation requires remote authenticated access, and the vectors are not detaile...
CVE-2014-6477
Technical details about CVE-2014-6477 (affected Oracle JPublisher component and specific versions, impact, vectors, and fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2014-6547
Technical details are not publicly available in the provided documents. No confirmed affected products, impact, or remediation are stated. Monitor for updates.
CVE-2015-2655
Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2015-2655: a cross-site scripting vulnerability affecting all versions prior to 4.2.3.00.08. It can impact confidentiality and integrity via remote access authenticated users. The fixed version is 4.2.3.00.08. Mitigati...
CVE-2015-4921
CVE-2015-4921 affects Oracle Database Server’s Database Vault component on versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. It enables remote authenticated users to impact data integrity via unknown vectors (root cause not disclosed). Several connected sources reference this CVE as part of Oracle’s Jan...