516 matches found
CVE-2015-2629
CVE-2015-2629 affects Oracle Database Server’s Java VM component. The SUSE security update notes that the vulnerability allows authenticated network attackers to compromise confidentiality, integrity, and availability via multiple protocols, potentially leading to arbitrary code execution and ope...
CVE-2015-2655
Oracle Application Express (APEX) in Oracle Database Server is affected by CVE-2015-2655: a cross-site scripting vulnerability affecting all versions prior to 4.2.3.00.08. It can impact confidentiality and integrity via remote access authenticated users. The fixed version is 4.2.3.00.08. Mitigati...
CVE-2015-4921
CVE-2015-4921 affects Oracle Database Server’s Database Vault component on versions 11.2.0.4, 12.1.0.1, and 12.1.0.2. It enables remote authenticated users to impact data integrity via unknown vectors (root cause not disclosed). Several connected sources reference this CVE as part of Oracle’s Jan...
CVE-2016-0472
CVE-2016-0472 affects Oracle Database Server’s XDB - XML Database component. It targets versions 11.2.0.4, 12.1.0.1, and 12.1.0.2, where an unspecified vulnerability allows remote authenticated users to impact confidentiality and availability via unknown vectors. The provided docs do not specify ...
CVE-2006-0282
Technical details for CVE-2006-0282 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the OpenVAS/Nessus entries reference the CVE but do not list affected versions, vectors, or fixes.
CVE-2007-0270
CVE-2007-0270 affects Oracle Database 9.2.0.7 and 10.1.0.4 via a buffer overflow in SYS.DBMS_DRS.GET_PROPERTY (DB03). The vulnerability allows a remote, authenticated user with EXECUTE on SYS.DBMS_DRS to crash the server or execute arbitrary code. Affected component is the DBMS_DRS package; root ...
CVE-2010-0866
CVE-2010-0866 concerns Oracle Database JavaVM; connected docs cite exploits for DBMS_JVM_EXP_PERMS enabling OS command/code execution via remote authenticated users (CREATE_SESSION) on Oracle DB 10gR2/11gR1/R2. The flaw allows granting Java IO privileges, per Metasploit modules referenced in PACK...
CVE-2012-0526
Technical details for CVE-2012-0526 are not publicly available in the provided documents. Monitor for updates from trusted sources.
CVE-2014-4237
CVE-2014-4237 affects Oracle Database Server 11.2.0.4 and 12.1.0.1, specifically the RDBMS Core component. The vulnerability is described as unspecified with remote authenticated users able to affect confidentiality via unknown vectors. The connected sources provide no concrete exploit details or...
CVE-2014-4291
Technical details for CVE-2014-4291 are not provided in the connected documents. The EUVD entries reference malware unrelated to this CVE. Monitor for updates from official advisories.
CVE-2014-4295
Technical details for CVE-2014-4295 are not publicly available in the provided documents. The available records mention an unspecified vulnerability in Oracle Database Server Java VM across several versions. Monitor for updates from official advisories.
CVE-2014-6514
CVE-2014-6514 affects Oracle Database Server’s PL/SQL component across multiple versions (11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1). The vulnerability allows remote authenticated users to affect confidentiality via unknown vectors. Base CVSS v2 score is 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N). No exploita...
CVE-2016-0467
The connected IBM OpenPages bulletin ties CVE-2016-0467 to an Oracle Database Server Security component vulnerability. It states this unspecified security issue has no confidentiality impact, partial integrity impact, and no availability impact (CVSS Base Score 4, vector AV:N/AC:L/Au:S/C:N/I:P/A:...
CVE-2018-2939
CVE-2018-2939 affects Oracle Database Server, Core RDBMS component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2. An attacker with Local Logon and low privileges can compromise Core RDBMS, potentially leading to unauthorized data creation/deletion/modification and the possibility o...
CVE-2020-2731
CVE-2020-2731 affects Oracle Database Server, specifically the Core RDBMS component. Affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Local Logon and user interaction to potentially perform unauthorized updates/inserts/deletes on Core RDBM...
CVE-2006-0260
CVE-2006-0260 affects Oracle Database Server 9.2.0.7 and 10.1.0.5. The issue is described as a SQL injection vulnerability in SYS.DBMS_METADATA_UTIL (and related DBMS_METADATA packages) caused by insufficient input validation in multiple functions (e.g., LONG2VARCHAR/DBMS_METADATA_UTIL; MAKE_FILT...
CVE-2006-0263
CVE-2006-0263 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1. The Oracle CPU-Jan-2006 vulnerabilities DB09 (Net Listener) and DB12/DB13 (Network Communications RPC) are cited as the root issues. The described flaws are “unspecified” in impa...
CVE-2007-4517
CVE-2007-4517 affects Oracle Database 10g Release 2, specifically the XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure. A buffer overflow is triggered by a long combined OWNER or NAME parameter, enabling remote authenticated attackers to execute arbitrary code. Exploitation evidence exists in multipl...
CVE-2012-0527
Technical details about CVE-2012-0527 are not publicly provided in the supplied documents. No product/version/impact specifics or remediation are disclosed here. Monitor for official updates from vendors and security advisories.
CVE-2014-4294
CVE-2014-4294 involves an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The description notes remote authenticated users could affect confidentiality via unknown vectors, and it explicitly states this is...
CVE-2015-4755
CVE-2015-4755 is a disclosed vulnerability in the Oracle Database Server RDBMS Security component (Oracle Database Server 12.1.0.2). OpenVAS lists this CVE as part of the July 2015 CPU suite and notes affected products include Oracle Database Server and specific versions such as 12.1.0.2. The vul...
CVE-2019-2484
CVE-2019-2484 affects Oracle Database Server’s Application Express component, specifically versions 5.1 and 18.2. The flaw allows a low-privileged attacker with a valid account and network access via HTTP to compromise Application Express, with human interaction required. Successful exploitation ...
CVE-2023-22034
The CVE-2023-22034 issue affects Oracle Database Server Unified Audit component. Affected versions are 19.3–19.19 and 21.3–21.10. The root cause is described as insufficient input validation, enabling a high-privileged SYSDBA attacker with network access via Oracle Net to compromise Unified Audit...
CVE-2024-21233
Oracle Database Server Core vulnerability CVE-2024-21233 affects Core in Oracle Database Server versions 19.3–19.24, 21.3–21.15, and 23.4–23.5. The flaw stems from improper authorization in the Database Core Component, enabling a low-privileged attacker with Create Session privilege and network a...
CVE-2002-0567
Oracle 8i/9i with PL/SQL EXTPROC vulnerable: remote attackers can bypass authentication and connect via the TNS Listener to the extproc process to execute arbitrary functions. Impact is remote code execution with the Oracle user’s privileges; no explicit exploit code/status is provided in the doc...
CVE-2006-7141
CVE-2006-7141 is an Oracle Database Server directory traversal vulnerability in the UTL_FILE package. When utl_file_dir is wildcarded or CREATE ANY DIRECTORY to PUBLIC privileges exist, remote authenticated users may read or modify arbitrary files via full file paths to utl_file functions such as...
CVE-2007-0272
The CVE-2007-0272 issue affects Oracle Database Server (MDSYS.MD package) and is confirmed by connected sources. A buffer overflow in MDSYS.MD allows remote authenticated users to crash the server or run arbitrary code, via public procedures in Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, ...
CVE-2007-3853
CVE-2007-3853 affects Oracle Database 10.1.0.5 and 10.2.0.3. The vulnerabilities are in DBMS_JAVA_TEST (JavaVM), Oracle Text, and MDSYS.SDO_GEOR_INT (Spatial). Exact root causes and impact are not fully detailed in the provided documents, but a researcher notes DB01 may be SQL injection in DBMS_P...
CVE-2009-1018
CVE-2009-1018 affects Oracle Database 10.2.0.4 Workspace Manager (WMSYS.LTRIC). The vulnerability is listed in Oracle’s October 2009 CPU and is mapped to CVE-2009-1018 in the Oracle Database Risk Matrix, with a base CVSS v2 score of 5.5 (Network, Low complexity, Single authentication, partial con...
CVE-2009-1985
CVE-2009-1985 is listed in the Oracle October 2009 CPU as affecting Oracle Database components (9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4) with a vulnerability in the Network Authentication area. The Oracle Risk Matrix attributes a remote, unauthenticated exploit (Network access) with a CVSS v2 base ...
CVE-2019-2776
CVE-2019-2776 affects Oracle Database Server Core RDBMS. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. The vulnerability enables a high-privilege attacker with Create Any Index privilege and network access via OracleNet to compromise Core RDBMS, potentially granting unauthorized access to data and unau...
CVE-2020-2734
CVE-2020-2734 affects Oracle Database Server, specifically the RDBMS/Optimizer component. Affected versions are 12.1.0.2, 12.2.0.1, 18c, and 19c. The vulnerability can be exploited by a highly privileged attacker who has Execute on the DBMS_SQLTUNE privilege and network access via Oracle Net. Exp...
CVE-2020-2969
CVE-2020-2969 affects Oracle Database Server’s Data Pump component. Affected versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue is exploitable by a high-privilege DBA account with network access via Oracle Net, potentially allowing takeover of Data Pump. CVSSv3.1 base score is 6.6 (C...
CVE-2003-0095
The CVE-2003-0095 entry concerns a buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6. The vulnerability permits remote code execution via a long username supplied during login, exploitable through client applications that perform their own authentication, demonstra...
CVE-2006-0258
Oracle Database Server versions 8.1.7.4 and 9.0.1.5 are affected in the Connection Manager component by CVE-2006-0258. The vulnerability is described as unspecified in impact and attack vectors (Oracle Vuln# DB03); no root cause, exploit details, or official fix are provided in the connected docu...
CVE-2011-3512
CVE-2011-3512 is an Oracle Database Core RDBMS vulnerability affecting Oracle Database Server 10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, and 11.2.0.2. The issue arises in the handling of spatial datatypes, enabling a remote-authenticated user with create table/procedure privileges to escalate to SYSD...
CVE-2012-0528
CVE-2012-0528 is linked to Oracle Enterprise Manager (Database Control 10.2.0.5, 11.1.0.7 and related patchsets). The connected advisory describes a session fixation vulnerability where Oracle Enterprise Manager authenticates a web user without invalidating the existing session ID, enabling an at...
CVE-2014-4293
Technical details for CVE-2014-4293 are not publicly provided in the supplied documents. Monitor for updates from Oracle advisories and vulnerability databases.
CVE-2015-2585
CVE-2015-2585: Oracle Database Server’s Application Express component (before version 5.0) is affected. The vulnerability allows remote authenticated users to impact availability via unknown vectors; CVSSv2 base score 2.1 (Low) with network access and high authentication complexity. Connected sou...
CVE-2015-2595
CVE-2015-2595 affects Oracle Database Server 12.1.0.1 and 12.1.0.2 where the Oracle OLAP component contains an unspecified vulnerability that can be exploited by remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. The connected OpenVAS entry and ...
CVE-2019-2955
CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...
CVE-2006-0265
CVE-2006-0265 involves multiple vulnerabilities in Oracle Database server (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, 10.2.0.1). Connected sources (PRION entries) describe a likely SQL injection in CTXSYS and program interface/network components (DB17/DB18), with specific function names cited:...
CVE-2006-0267
CVE-2006-0267 affects Oracle Database Server 9.2.0.6 and 10.1.0.4, specifically the Query Optimizer component. The vulnerability’s impact is described as unspecified by Oracle Vuln# DB20, with the NVD entry noting a high base score (CVSS v2: 9.0) and a network attack vector with required low comp...
CVE-2007-2116
Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...
CVE-2007-3857
CVE-2007-3857 affects Oracle Database 10.1.0.5, with vulnerabilities in the Oracle Text component (including vectors DB05, CTXSYS.DRVXMD, CTXSYS.DRI_MOVE_CTXSYS, CTXSYS.DRVXMD) and in JavaVM. The issue allows remotely authenticated users to impact confidentiality, integrity, and availability (per...
CVE-2007-5520
Technical details for CVE-2007-5520 are not publicly provided in the supplied documents; the entry remains with unspecified impact and remote vectors. Monitor for updates from official advisories to obtain affected products, versions, and remediation guidance.
CVE-2008-0348
Technical details for CVE-2008-0348 are not publicly available in the provided documents. Monitor for updates in the connected sources.
CVE-2009-1991
CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...
CVE-2012-1708
CVE-2012-1708 affects the Oracle Database Server’s Application Express component, specifically versions 4.0 and 4.1. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Connected sources reiterate the same vendor/product scope; no conc...
CVE-2013-1538
CVE-2013-1538 affects Oracle Database Server 11.2.0.2 and 11.2.0.3 in the Network Layer component, enabling remote impact to availability via unknown vectors. The vulnerability is described as unspecified in the Network Layer, with no exploited details provided in the initial or connected documen...