Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2015/07/16 10:0 a.m.74 views

CVE-2015-2655

Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2015-2655: a cross-site scripting vulnerability affecting all versions prior to 4.2.3.00.08. It can impact confidentiality and integrity via remote access authenticated users. The fixed version is 4.2.3.00.08. Mitigati...

5.5CVSS5.4AI score0.01716EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.74 views

CVE-2015-4753

CVE-2015-4753 affects Oracle Database Server, specifically the RDBMS Support Tools component. The linked SUSE advisory (SUSE-SU-2015:1353-1) describes a vulnerability in Oracle Update/Support Tools where a local attacker could read data and thus compromise confidentiality. This CVE is also listed...

2.1CVSS5.5AI score0.00415EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.74 views

CVE-2016-0472

CVE-2016-0472 affects Oracle Database Server’s XDB - XML Database component. It targets versions 11.2.0.4, 12.1.0.1, and 12.1.0.2, where an unspecified vulnerability allows remote authenticated users to impact confidentiality and availability via unknown vectors. The provided docs do not specify ...

5.5CVSS6.7AI score0.01665EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.73 views

CVE-2006-0282

Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.

10CVSS9.1AI score0.06026EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.73 views

CVE-2007-0270

CVE-2007-0270 affects Oracle Database 9.2.0.7 and 10.1.0.4 via a buffer overflow in SYS.DBMS_DRS.GET_PROPERTY (DB03). The vulnerability allows a remote, authenticated user with EXECUTE on SYS.DBMS_DRS to crash the server or execute arbitrary code. Affected component is the DBMS_DRS package; root ...

6.5CVSS7.2AI score0.05157EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.73 views

CVE-2010-0866

CVE-2010-0866 concerns Oracle Database JavaVM; connected docs cite exploits for DBMS_JVM_EXP_PERMS enabling OS command/code execution via remote authenticated users (CREATE_SESSION) on Oracle DB 10gR2/11gR1/R2. The flaw allows granting Java IO privileges, per Metasploit modules referenced in PACK...

6.5CVSS5.7AI score0.1125EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.73 views

CVE-2012-0526

Technical details for CVE-2012-0526 are not publicly available in the provided documents. Monitor for updates from trusted sources.

4.3CVSS5.8AI score0.01927EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.73 views

CVE-2014-4237

CVE-2014-4237 affects Oracle Database Server 11.2.0.4 and 12.1.0.1, specifically the RDBMS Core component. The vulnerability is described as unspecified with remote authenticated users able to affect confidentiality via unknown vectors. The connected sources provide no concrete exploit details or...

4CVSS5.5AI score0.02527EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.73 views

CVE-2014-4291

Technical details for CVE-2014-4291 are not provided in the connected documents. The EUVD entries reference malware unrelated to this CVE. Monitor for updates from official advisories.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.73 views

CVE-2014-4295

Technical details for CVE-2014-4295 are not publicly available in the provided documents. The available records mention an unspecified vulnerability in Oracle Database Server Java VM across several versions. Monitor for updates from official advisories.

4CVSS5.5AI score0.01454EPSS
CVE
CVE
added 2015/01/21 2:0 a.m.73 views

CVE-2014-6514

CVE-2014-6514 affects Oracle Database Server’s PL/SQL component across multiple versions (11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1). The vulnerability allows remote authenticated users to affect confidentiality via unknown vectors. Base CVSS v2 score is 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N). No exploita...

4CVSS5.5AI score0.01136EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.73 views

CVE-2015-4921

CVE-2015-4921 affects Oracle Database Server’s Database Vault component on versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. It enables remote authenticated users to impact data integrity via unknown vectors (root cause not disclosed). Several connected sources reference this CVE as part of Oracle’s Jan...

4CVSS6.8AI score0.01306EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.73 views

CVE-2016-0467

The connected IBM OpenPages bulletin ties CVE-2016-0467 to an Oracle Database Server Security component vulnerability. It states this unspecified security issue has no confidentiality impact, partial integrity impact, and no availability impact (CVSS Base Score 4, vector AV:N/AC:L/Au:S/C:N/I:P/A:...

4CVSS6.8AI score0.01279EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.73 views

CVE-2018-2939

CVE-2018-2939 affects Oracle Database Server, Core RDBMS component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2. An attacker with Local Logon and low privileges can compromise Core RDBMS, potentially leading to unauthorized data creation/deletion/modification and the possibility o...

8.4CVSS8.2AI score0.00408EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.72 views

CVE-2006-0260

CVE-2006-0260 affects Oracle Database Server 9.2.0.7 and 10.1.0.5. The issue is described as a SQL injection vulnerability in SYS.DBMS_METADATA_UTIL (and related DBMS_METADATA packages) caused by insufficient input validation in multiple functions (e.g., LONG2VARCHAR/DBMS_METADATA_UTIL; MAKE_FILT...

10CVSS7.5AI score0.04724EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.72 views

CVE-2006-0263

CVE-2006-0263 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1. The Oracle CPU-Jan-2006 vulnerabilities DB09 (Net Listener) and DB12/DB13 (Network Communications RPC) are cited as the root issues. The described flaws are “unspecified” in impa...

10CVSS6.7AI score0.07461EPSS
CVE
CVE
added 2007/11/08 8:0 p.m.72 views

CVE-2007-4517

CVE-2007-4517 affects Oracle Database 10g Release 2, specifically the XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure. A buffer overflow is triggered by a long combined OWNER or NAME parameter, enabling remote authenticated attackers to execute arbitrary code. Exploitation evidence exists in multipl...

6CVSS6.9AI score0.05385EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.72 views

CVE-2012-0527

Technical details about CVE-2012-0527 are not publicly provided in the supplied documents. No product/version/impact specifics or remediation are disclosed here. Monitor for official updates from vendors and security advisories.

4.3CVSS5.8AI score0.01927EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.72 views

CVE-2014-4294

CVE-2014-4294 involves an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The description notes remote authenticated users could affect confidentiality via unknown vectors, and it explicitly states this is...

4CVSS5.5AI score0.01454EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.72 views

CVE-2015-4755

CVE-2015-4755 is a disclosed vulnerability in the Oracle Database Server RDBMS Security component (Oracle Database Server 12.1.0.2). OpenVAS lists this CVE as part of the July 2015 CPU suite and notes affected products include Oracle Database Server and specific versions such as 12.1.0.2. The vul...

5CVSS5.6AI score0.01831EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.72 views

CVE-2019-2484

CVE-2019-2484 affects Oracle Database Server’s Application Express component, specifically versions 5.1 and 18.2. The flaw allows a low-privileged attacker with a valid account and network access via HTTP to compromise Application Express, with human interaction required. Successful exploitation ...

5.4CVSS5.1AI score0.0074EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.72 views

CVE-2020-2731

CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...

3.9CVSS3.8AI score0.00396EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.72 views

CVE-2023-22034

The CVE-2023-22034 issue affects Oracle Database Server Unified Audit component. Affected versions are 19.3–19.19 and 21.3–21.10. The root cause is described as insufficient input validation, enabling a high-privileged SYSDBA attacker with network access via Oracle Net to compromise Unified Audit...

4.9CVSS4.5AI score0.00411EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.72 views

CVE-2024-21233

Oracle Database Server Core vulnerability CVE-2024-21233 affects Core in Oracle Database Server versions 19.3–19.24, 21.3–21.15, and 23.4–23.5. The flaw stems from improper authorization in the Database Core Component, enabling a low-privileged attacker with Create Session privilege and network a...

4.3CVSS3.5AI score0.00411EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.71 views

CVE-2002-0567

Oracle 8i/9i with PL/SQL EXTPROC vulnerable: remote attackers can bypass authentication and connect via the TNS Listener to the extproc process to execute arbitrary functions. Impact is remote code execution with the Oracle user’s privileges; no explicit exploit code/status is provided in the doc...

7.5CVSS7.5AI score0.08739EPSS
CVE
CVE
added 2007/03/07 8:0 p.m.71 views

CVE-2006-7141

CVE-2006-7141 is an Oracle Database Server directory traversal vulnerability in the UTL_FILE package. When utl_file_dir is wildcarded or CREATE ANY DIRECTORY to PUBLIC privileges exist, remote authenticated users may read or modify arbitrary files via full file paths to utl_file functions such as...

6CVSS6AI score0.05651EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.71 views

CVE-2007-0272

The CVE-2007-0272 issue affects Oracle Database Server (MDSYS.MD package) and is confirmed by connected sources. A buffer overflow in MDSYS.MD allows remote authenticated users to crash the server or run arbitrary code, via public procedures in Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, ...

8.5CVSS7.1AI score0.06577EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.71 views

CVE-2007-3853

CVE-2007-3853 affects Oracle Database 10.1.0.5 and 10.2.0.3. The vulnerabilities are in DBMS_JAVA_TEST (JavaVM), Oracle Text, and MDSYS.SDO_GEOR_INT (Spatial). Exact root causes and impact are not fully detailed in the provided documents, but a researcher notes DB01 may be SQL injection in DBMS_P...

6.5CVSS7.1AI score0.02843EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.71 views

CVE-2009-1018

CVE-2009-1018 affects Oracle Database 10.2.0.4 Workspace Manager (WMSYS.LTRIC). The vulnerability is listed in Oracle’s October 2009 CPU and is mapped to CVE-2009-1018 in the Oracle Database Risk Matrix, with a base CVSS v2 score of 5.5 (Network, Low complexity, Single authentication, partial con...

5.5CVSS5.4AI score0.02219EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.71 views

CVE-2009-1985

CVE-2009-1985 is listed in the Oracle October 2009 CPU as affecting Oracle Database components (9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4) with a vulnerability in the Network Authentication area. The Oracle Risk Matrix attributes a remote, unauthenticated exploit (Network access) with a CVSS v2 base ...

10CVSS6AI score0.05377EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.71 views

CVE-2019-2776

CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...

7.6CVSS7.2AI score0.01111EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.71 views

CVE-2020-2734

CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...

3.5CVSS2.8AI score0.00892EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.71 views

CVE-2020-2969

CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...

6.6CVSS6.3AI score0.02031EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.70 views

CVE-2003-0095

The CVE-2003-0095 entry concerns a buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6. The vulnerability permits remote code execution via a long username supplied during login, exploitable through client applications that perform their own authentication, demonstra...

10CVSS8.1AI score0.13106EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.70 views

CVE-2006-0258

Oracle Database Server versions 8.1.7.4 and 9.0.1.5 are affected in the Connection Manager component by CVE-2006-0258. The vulnerability is described as unspecified in impact and attack vectors (Oracle Vuln# DB03); no root cause, exploit details, or official fix are provided in the connected docu...

10CVSS6.3AI score0.05897EPSS
CVE
CVE
added 2011/10/18 10:0 p.m.70 views

CVE-2011-3512

CVE-2011-3512 is an Oracle Database Core RDBMS vulnerability affecting Oracle Database Server 10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, and 11.2.0.2. The issue arises in the handling of spatial datatypes, enabling a remote-authenticated user with create table/procedure privileges to escalate to SYSD...

6.5CVSS5.7AI score0.01501EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.70 views

CVE-2012-0528

CVE-2012-0528 is linked to Oracle Enterprise Manager (Database Control 10.2.0.5, 11.1.0.7 and related patchsets). The connected advisory describes a session fixation vulnerability where Oracle Enterprise Manager authenticates a web user without invalidating the existing session ID, enabling an at...

5.8CVSS5.7AI score0.01891EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.70 views

CVE-2014-4293

Technical details for CVE-2014-4293 are not publicly provided in the supplied documents. Monitor for updates from Oracle advisories and vulnerability databases.

4CVSS5.5AI score0.00995EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.70 views

CVE-2015-2585

CVE-2015-2585: Oracle Database Server’s Application Express component (before version 5.0) is affected. The vulnerability allows remote authenticated users to impact availability via unknown vectors; CVSSv2 base score 2.1 (Low) with network access and high authentication complexity. Connected sou...

2.1CVSS5.7AI score0.01249EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.70 views

CVE-2015-2595

CVE-2015-2595 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 where the Oracle OLAP component contains an unspecified vulnerability that can be exploited by remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The connected OpenVAS entry and ...

6.5CVSS4.7AI score0.01652EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.70 views

CVE-2019-2955

CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...

3.9CVSS3.6AI score0.00396EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.69 views

CVE-2006-0265

CVE-2006-0265 involves multiple vulnerabilities in Oracle Database server (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, 10.2.0.1). Connected sources (PRION entries) describe a likely SQL injection in CTXSYS and program interface/network components (DB17/DB18), with specific function names cited:...

10CVSS7.5AI score0.05274EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.69 views

CVE-2006-0267

CVE-2006-0267 affects Oracle Database Server 9.2.0.6 and 10.1.0.4, specifically the Query Optimizer component. The vulnerability’s impact is described as unspecified by Oracle Vuln# DB20, with the NVD entry noting a high base score (CVSS v2: 9.0) and a network attack vector with required low comp...

9CVSS6.3AI score0.04049EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.69 views

CVE-2007-2116

Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...

9CVSS6.4AI score0.02946EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.69 views

CVE-2007-3857

CVE-2007-3857 affects Oracle Database 10.1.0.5, with vulnerabilities in the Oracle Text component (including vectors DB05, CTXSYS.DRVXMD, CTXSYS.DRI_MOVE_CTXSYS, CTXSYS.DRVXMD) and in JavaVM. The issue allows remotely authenticated users to impact confidentiality, integrity, and availability (per...

6.5CVSS6AI score0.03199EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.69 views

CVE-2007-5520

Technical details for CVE-2007-5520 are not publicly provided in the supplied documents; the entry remains with unspecified impact and remote vectors. Monitor for updates from official advisories to obtain affected products, versions, and remediation guidance.

7.5CVSS8.9AI score0.02661EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.69 views

CVE-2008-0348

Technical details for CVE-2008-0348 are not publicly available in the provided documents. Monitor for updates in the connected sources.

10CVSS9.3AI score0.02625EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.69 views

CVE-2009-1991

CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...

3.6CVSS6.5AI score0.01712EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.69 views

CVE-2013-1538

CVE-2013-1538 affects Oracle Database Server 11.2.0.2 and 11.2.0.3 in the Network Layer component, enabling remote impact to availability via unknown vectors. The vulnerability is described as unspecified in the Network Layer, with no exploited details provided in the initial or connected documen...

5CVSS6.1AI score0.01625EPSS
CVE
CVE
added 2014/07/17 10:0 a.m.69 views

CVE-2014-4245

CVE-2014-4245 is an unspecified vulnerability in the RDBMS Core of Oracle Database Server affecting 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The impact is limited to confidentiality and requires remote authenticated access; vectors are unknown. CVSS v2 base score reported as 3.5 (low). Public ...

3.5CVSS5.5AI score0.01945EPSS
Total number of security vulnerabilities516