Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2006/01/18 11:0 a.m.79 views

CVE-2006-0256

CVE-2006-0256 affects Oracle Database Server in multiple versions (e.g., 8.1.7.x, 9.2.x, 10g) with an unspecified impact in the CVE record. Connected sources describe a login-time SQL injection vulnerability in the Oracle DBMS login/authentication flow (AUTH_ALTER_SESSION) that could enable remot...

10CVSS6.2AI score0.05059EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.79 views

CVE-2014-4289

Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) JDBC component vulnerability (CVE-2014-4289) allows remote authenticated users to affect confidentiality and integrity via unknown vectors, per NVD entry. Connected sources corroborate the JDBC-focused issue and reference re...

3.6CVSS5.6AI score0.01187EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.79 views

CVE-2014-6483

CVE-2014-6483 affects the Oracle Database Server, specifically the Application Express component, prior to version 4.2.6. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. No exploitation details or fixed version are pr...

6CVSS5.7AI score0.00966EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.79 views

CVE-2015-0483

CVE-2015-0483 affects Oracle Database Server Core RDBMS components (versions 11.1.0.7, 11.2.0.3/11.2.0.4, 12.1.0.1/12.1.0.2). The description states a remote authenticated impact to integrity via unknown vectors; no concrete exploit details, affected products beyond Oracle Database Server, or rem...

4CVSS5.7AI score0.01306EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.79 views

CVE-2017-10120

CVE-2017-10120 affects Oracle Database Server 12.1.0.2 in the RDBMS Security component. The vulnerability allows a local attacker with Create Session and Select Any Dictionary privileges to compromise RDBMS Security, potentially enabling unauthorized update/insert/delete of some data (I: LOW; A/N...

1.9CVSS2.8AI score0.00364EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.79 views

CVE-2019-2516

The CVE-2019-2516 issue affects Oracle Database Server’s Portable Clusterware. Affected: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c. Root cause: vulnerability in Portable Clusterware that enables a high-privilege Grid Infrastructure User with local logon to compromise Portable Clusterware, potentially tak...

8.2CVSS8.2AI score0.00421EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.79 views

CVE-2020-2737

CVE-2020-2737 affects Oracle Database Server, Core RDBMS component. Affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a high-privilege user with Create Session and Execute Catalog Role privileges, with network access via Oracle Net, and re...

6.4CVSS5.9AI score0.01031EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.78 views

CVE-2006-3704

CVE-2006-3704 is an unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 with unknown impact and attack vectors. Connected data confirms affected component and version (Oracle ODBC Driver, Oracle DB 10.1.0.4). The Nessus entry (July 2006 CPU) lists this CVE among multi...

10CVSS6.4AI score0.03731EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.78 views

CVE-2010-0071

CVE-2010-0071 covers a remote memory-corruption vulnerability in Oracle Database’s TNS Listener that affects 9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7. Exploitation is possible via the Oracle Net protocol, potentially impacting confidentiality, integrity, and availability. The vulnerabi...

10CVSS6AI score0.0983EPSS
CVE
CVE
added 2012/05/03 6:17 p.m.78 views

CVE-2012-0552

CVE-2012-0552 affects the Oracle Spatial component in Oracle Database Server versions (10.2.0.3–11.2.0.3). A root cause described in one connected document is a stack-based buffer overflow that can allow a remote attacker with valid authentication to compromise confidentiality, integrity, and ava...

9CVSS5.6AI score0.02961EPSS
CVE
CVE
added 2013/01/17 1:30 a.m.78 views

CVE-2012-3220

CVE-2012-3220 is a published vulnerability in Oracle Spatial/GeoRaster within Oracle Database Server (versions 10.2.0.3–11.2.0.3) that exploits a stack-based overflow in the GeoRaster API. The issue allows a remote attacker who can connect to spatially enabled Oracle databases to execute arbitrar...

9CVSS5.8AI score0.01969EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.78 views

CVE-2013-3760

CVE-2013-3760 affects Oracle Database Server installations with Oracle executable component on versions 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as unspecified and is exploitable by local users, impacting confidentiality, integrity, and availability via...

7.2CVSS5.7AI score0.00385EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.78 views

CVE-2015-4900

CVE-2015-4900 is an Oracle Database Server issue affecting the XDB - XML Database component in versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified, allowing remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. ...

6.5CVSS7.8AI score0.01652EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.78 views

CVE-2020-2968

CVE-2020-2968 affects Oracle Database Server’s Java VM component. Public docs identify affected versions as 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocol...

8CVSS7.4AI score0.01111EPSS
CVE
CVE
added 2006/04/27 11:0 p.m.77 views

CVE-2006-2081

CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...

4.6CVSS6.8AI score0.21556EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.77 views

CVE-2014-4292

Technical details are not publicly available in the provided connected documents for CVE-2014-4292; monitor for updates.

4CVSS5.5AI score0.01152EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.77 views

CVE-2014-4299

Technical details about CVE-2014-4299 are not publicly provided in the supplied documents; no specifics on affected product versions, root cause, or remediation are available here. Monitor for updates.

4CVSS5.5AI score0.014EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2909

CVE-2019-2909 affects Oracle Database Server in the Java VM component. Affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. It can be exploited with network access via multiple protocols by an unauthenticated attacker to compromise Java VM, potentially leading to unauthorized creation, deletio...

6.8CVSS6AI score0.01349EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.77 views

CVE-2019-2954

Oracle CVE-2019-2954 affects the Core RDBMS component of Oracle Database Server. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. The vulnerability can be exploited by a low-privilege user with Create Session and Create Procedure privileges who can log on to the infrastructure whe...

3.9CVSS3.6AI score0.00396EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.77 views

CVE-2021-2000

CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...

3.5CVSS3.5AI score0.00764EPSS
CVE
CVE
added 2003/09/03 4:0 a.m.76 views

CVE-2003-0727

CVE-2003-0727 refers to multiple buffer overflows in the Oracle 9i Database Release 2 XML DB (XDB) functionality. Public references describe stack/buffer overflow conditions in Oracle 9i XDB services (HTTP and FTP) that can be triggered by long inputs to XDB commands, enabling local users to caus...

2.1CVSS6AI score0.68395EPSS
Web
CVE
CVE
added 2012/05/03 5:18 p.m.76 views

CVE-2012-0510

CVE-2012-0510 affects Oracle Database Server 10.2.0.3/10.2.0.4/10.2.0.5 and 11.1.0.7, where the Core RDBMS component contains an unspecified vulnerability that allows remote attackers to impact integrity and availability via unknown vectors. Multiple connected sources reiterate the issue as an un...

6.4CVSS6.1AI score0.01581EPSS
CVE
CVE
added 2014/01/15 1:33 a.m.76 views

CVE-2014-0378

CVE-2014-0378 affects Oracle Database Server’s Spatial component across 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, enabling local users to impact confidentiality, integrity, and availability via unknown vectors. CVSS v2 base score is 4.1 (MEDIUM), w...

4.1CVSS5.7AI score0.00322EPSS
CVE
CVE
added 2015/01/21 3:0 p.m.76 views

CVE-2014-6578

CVE-2014-6578 affects Oracle Database Server Workspace Manager component in Oracle Database versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to impact confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT....

6.5CVSS5.5AI score0.01896EPSS
CVE
CVE
added 2015/10/21 11:0 p.m.76 views

CVE-2015-4857

CVE-2015-4857 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 (RDBMS component). The vulnerability is described as unspecified with remote authenticated access that could impact confidentiality and integrity via unknown vectors. Documented exposure is supported by multiple sources (NVD entry...

5.5CVSS4.5AI score0.01441EPSS
CVE
CVE
added 2006/02/04 11:0 a.m.75 views

CVE-2006-0552

Technical details about CVE-2006-0552 (affected Oracle Net Listener, impact, exploitability, and fix) are not publicly provided in the supplied documents; monitor for official advisories for concrete information.

7.5CVSS9.2AI score0.04835EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.75 views

CVE-2007-2130

CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...

9CVSS8.7AI score0.02527EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.75 views

CVE-2009-1996

CVE-2009-1996 affects Oracle Database Logical Standby (Oracle Net) and is listed among Oracle’s January 2010 CPU fixes. The vulnerability allows a remote attacker (no authentication required for the exploit in some vectors) to impact integrity via unknown vectors; the CVSSv2 base score in NVD is ...

4CVSS5.5AI score0.01327EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.75 views

CVE-2009-3414

CVE-2009-3414 concerns Oracle Spatial in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified and allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Affected component is Oracle Spatial within the dat...

4.9CVSS5.4AI score0.01761EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.75 views

CVE-2014-4290

Technical details for CVE-2014-4290 are not publicly available in the provided documents. Monitor for updates from Oracle or security advisories.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.75 views

CVE-2016-0461

CVE-2016-0461 affects Oracle Database Server XDB (XML Database) components. Affected are Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2. The vulnerability is described as unspecified, allowing remote authenticated users to affect availability via unknown vectors. No exploit details are p...

4CVSS6.9AI score0.01764EPSS
CVE
CVE
added 2016/10/25 2:0 p.m.75 views

CVE-2016-3562

Oracle Database Server (RDBMS Security and SQL*Plus components) is affected by CVE-2016-3562 in versions 11.2.0.4 and 12.1.0.2. The vulnerability is described as unspecified and allows remote administrators to affect confidentiality via vectors related to DBA. The NVD entry lists CVSSv3 impact as...

4.3CVSS4.5AI score0.01261EPSS
CVE
CVE
added 2016/10/25 2:0 p.m.75 views

CVE-2016-5555

CVE-2016-5555 affects Oracle Database Server 11.2.0.4 and 12.1.0.2, via the OJVM component. The vulnerability allows remote administrators to impact confidentiality, integrity, and availability from unknown vectors. NVD CVSSv3 base score is 9.1 (CRITICAL); CVSSv2 is 6.5 (MEDIUM) with partial impa...

9.1CVSS7.8AI score0.01678EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.75 views

CVE-2019-2734

CVE-2019-2734 affects Oracle Database Server Core RDBMS in 12.2.0.1, 18c and 19c. A low-privileged user with Create Session and DBMS_ADVISOR Execute privileges, over OracleNet, can compromise Core RDBMS data resulting in possible unauthorized updates/inserts/deletes (I by CVSSv3 4.3). Public docu...

4.3CVSS3.7AI score0.00844EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.75 views

CVE-2019-2753

CVE-2019-2753 affects Oracle Text in Oracle Database Server for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. The vulnerability allows a low-privileged user with Create Session and network access via OracleNet to read a subset of Oracle Text data and potentially cause partial denial of service. Exploitat...

4.9CVSS4.3AI score0.00887EPSS
CVE
CVE
added 2024/04/16 9:25 p.m.75 views

CVE-2024-20995

The CVE refers to Oracle Database Sharding in Oracle Database Server. Affected: Oracle Database Server 19.3–19.22 and 21.3–21.13. Root cause: insufficient input validation in the Oracle Database Sharding component. Impact: high-privileged DBA with network access via Oracle Net can cause partial d...

2.4CVSS5.4AI score0.00532EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.74 views

CVE-2005-1197

CVE-2005-1197 is a SQL injection vulnerability in Oracle Database Server 10g affecting the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure via the CHANGE_SET_NAME parameter. Remote attackers could potentially execute arbitrary SQL commands; impact and remediation details are not specified i...

7.5CVSS7.8AI score0.04265EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.74 views

CVE-2008-0340

CVE-2008-0340 concerns Oracle Database with multiple unspecified vulnerabilities affecting the Advanced Queuing (DB02) and Oracle Spatial (DB04) components across several versions (e.g., 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3). The description notes unknown impact and remote attack...

10CVSS9.2AI score0.02625EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.74 views

CVE-2008-0344

Technical details about CVE-2008-0344 are not publicly available in the provided documents. The records note an unspecified vulnerability in the Oracle Spatial component with unknown impact; monitor for updates.

10CVSS8.9AI score0.02625EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.74 views

CVE-2012-0525

CVE-2012-0525 affects Oracle Enterprise Manager Base Platform in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3 and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1. Connected documentation confirms a SQL Injection vulnerability in the Enterprise Manager web app (searchPage: /em/...

4.9CVSS5.2AI score0.00979EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.74 views

CVE-2013-3771

CVE-2013-3771 affects Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. It is an unspecified local vulnerability in the Oracle executable component that could impact confidentiality, integrity, and availability via unknown vectors. The connected docs do not provide conc...

7.2CVSS5.7AI score0.00419EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.74 views

CVE-2014-4236

CVE-2014-4236 affects Oracle Database Server 11.2.0.4 and 12.1.0.1, with an unspecified vulnerability in the RDBMS Core component. The impact is partial confidentiality, partial integrity, and partial availability. Exploitation requires remote authenticated access, and the vectors are not detaile...

6.5CVSS5.6AI score0.0245EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.74 views

CVE-2014-4310

Technical details about CVE-2014-4310 are not publicly available in the provided documents. Connected EUVD entries reference malware but do not specify affected products/versions/root cause. Monitor for updates.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.74 views

CVE-2014-6454

Oracle Database Server contains an unspecified vulnerability in the SQLJ component affecting multiple versions (11.1.0.7, 11.2.0.3/4, 12.1.0.1/2). The issue allows remote authenticated users to impact confidentiality via unknown vectors. No concrete exploit or vector details are provided in the s...

4CVSS5.5AI score0.014EPSS
CVE
CVE
added 2014/11/23 7:0 p.m.74 views

CVE-2014-6477

Technical details about CVE-2014-6477 (affected Oracle JPublisher component and specific versions, impact, vectors, and fixes) are not publicly available in the provided documents. Monitor for updates.

6.8CVSS5.6AI score0.01152EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.74 views

CVE-2014-6547

Technical details are not publicly available in the provided documents. No confirmed affected products, impact, or remediation are stated. Monitor for updates.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.74 views

CVE-2015-0479

CVE-2015-0479 is mapped to Oracle Database Server and is referenced in multiple sources as an unspecified vulnerability affecting the XDK/XDB XML Database component. The connected documents indicate affected software: Oracle Database Server versions 11.2.0.3, 11.2.0.4, and 12.1.0.1, with impact d...

4CVSS5.7AI score0.01508EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.74 views

CVE-2015-2629

CVE-2015-2629 affects Oracle Database Server’s Java VM component. The SUSE security update notes that the vulnerability allows authenticated network attackers to compromise confidentiality, integrity, and availability via multiple protocols, potentially leading to arbitrary code execution and ope...

9CVSS5.7AI score0.03049EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.74 views

CVE-2015-2655

Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2015-2655: a cross-site scripting vulnerability affecting all versions prior to 4.2.3.00.08. It can impact confidentiality and integrity via remote access authenticated users. The fixed version is 4.2.3.00.08. Mitigati...

5.5CVSS5.4AI score0.01716EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.74 views

CVE-2015-4753

CVE-2015-4753 affects Oracle Database Server, specifically the RDBMS Support Tools component. The linked SUSE advisory (SUSE-SU-2015:1353-1) describes a vulnerability in Oracle Update/Support Tools where a local attacker could read data and thus compromise confidentiality. This CVE is also listed...

2.1CVSS5.5AI score0.00415EPSS
Total number of security vulnerabilities516