Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2006/01/18 11:0 a.m.68 views

CVE-2006-0267

CVE-2006-0267 affects Oracle Database Server 9.2.0.6 and 10.1.0.4, specifically the Query Optimizer component. The vulnerability’s impact is described as unspecified by Oracle Vuln# DB20, with the NVD entry noting a high base score (CVSS v2: 9.0) and a network attack vector with required low comp...

9CVSS6.3AI score0.04049EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.68 views

CVE-2006-0271

CVE-2006-0271 affectsOracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 in the Upgrade & Downgrade component. The description notes an Oracle claim that the issue is SQL injection in the DBMS_REGISTRY package for parameters to IS_COMPONENT, GET_COMP_OPTION, DISABLE_DDL_TRIGGE...

10CVSS7.2AI score0.0336EPSS
CVE
CVE
added 2006/02/04 2:0 a.m.68 views

CVE-2006-0547

CVE-2006-0547 affects Oracle Database 8i, 9i, and 10g. The issue arises in the authentication phase of the Transparent Network Substrate (TNS) protocol where a modified AUTH_ALTER_SESSION attribute can be exploited by remote authenticated users to execute arbitrary SQL statements in the context o...

7.5CVSS7.2AI score0.0965EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.68 views

CVE-2007-0272

The CVE-2007-0272 issue affects Oracle Database Server (MDSYS.MD package) and is confirmed by connected sources. A buffer overflow in MDSYS.MD allows remote authenticated users to crash the server or run arbitrary code, via public procedures in Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, ...

8.5CVSS7.1AI score0.06577EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.68 views

CVE-2007-2119

CVE-2007-2119 is an XSS vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search. The issue affects boundary_rules.jsp and allows remote attackers to inject arbitrary HTML or script via the EXPTYPE parameter. Affected components include the Oracle Database Server variant...

6.8CVSS8AI score0.04352EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.68 views

CVE-2007-5505

CVE-2007-5505 affects Oracle Database versions 9.0.1.5+; 9.2.0.8/9.2.0.8DV; 10.1.0.5; 10.2.0.3. Reported vulnerabilities relate to the Export component (DB02), Oracle Text (DB04/DB05), Spatial (DB07), and Advanced Security Option (DB19) with unknown impact and remote attack vectors. Connected sou...

7.5CVSS6.4AI score0.02661EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.68 views

CVE-2009-1991

CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...

3.6CVSS6.5AI score0.01712EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.68 views

CVE-2009-3413

CVE-2009-3413 affects Oracle Database with the Spatial component in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is exploitable remotely over Oracle Net by an authenticated user to impact confidentiality and integrity (vector: network, session creation). The NECESSARY ro...

3.2CVSS5.4AI score0.01397EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.68 views

CVE-2015-0370

CVE-2015-0370 corresponds to an unspecified vulnerability in Oracle Database Server’s Core RDBMS component. The initial description lists affected Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1, with remote authenticated access impacting integrity (no confidentiality i...

3.5CVSS5.7AI score0.01211EPSS
CVE
CVE
added 2015/01/21 6:0 p.m.68 views

CVE-2015-0371

CVE-2015-0371 affects Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as an unspecified issue in the Core RDBMS component that allows remote authenticated users to affect integrity and availability via unknown vectors. The CVSS v2 base score is 4....

4.9CVSS5.7AI score0.01086EPSS
CVE
CVE
added 2015/07/16 10:0 a.m.68 views

CVE-2015-4740

CVE-2015-4740 is an Oracle Database Server vulnerability in the RDBMS Partitioning component affecting versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Connected s...

6CVSS5.7AI score0.01686EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.68 views

CVE-2019-2913

CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...

5CVSS4.2AI score0.01129EPSS
CVE
CVE
added 2020/01/15 4:33 p.m.68 views

CVE-2020-2527

CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...

4.1CVSS3.6AI score0.00982EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.67 views

CVE-2004-1338

CVE-2004-1338 affects Oracle 9i and 10g. The flaw lets local users escalate privileges by abusing CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to seed arbitrary functions into SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then deleting from SDO_TXN_IDX_INSERTS to trigger SDO_CMT_CBK_TRIG, which executes ...

6.5CVSS6.9AI score0.01194EPSS
CVE
CVE
added 2005/11/02 11:0 a.m.67 views

CVE-2005-3445

Technical details are not publicly available in the provided documents. Monitor for updates.

10CVSS9.2AI score0.05572EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.67 views

CVE-2005-3641

CVE-2005-3641 affects Oracle Databases running on Windows XP with Simple File Sharing enabled. The vulnerability allows remote attackers to bypass authentication by supplying a valid username. The available documents describe the affected environment and authentication bypass impact but do not pr...

7.5CVSS7.1AI score0.04699EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.67 views

CVE-2006-0262

Technical details for CVE-2006-0262 are not publicly provided in the supplied documents; no explicit affected versions or remediation are included. Monitor for updates.

10CVSS6.3AI score0.03864EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.67 views

CVE-2006-0285

CVE-2006-0285 is an unspecified vulnerability in the Java Net component of Oracle Database Server (versions 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.4) and Oracle Application Server (1.0.2.2, 9.0.4.2, 10.1.2.0.2). The available documents describe the issue as having unspecified impact and ...

10CVSS9.2AI score0.06026EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.67 views

CVE-2007-0268

CVE-2007-0268 affects Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5, with vulnerabilities in Advanced Queuing (sys.dbms_aqsys.dbms_aq privileges DB01), Advanced Replication (sys.dbms_repcat_untrusted DB07), and Oracle Text (ctxload DB15). The underlying impact/attack vectors are not fully detail...

6.5CVSS7.7AI score0.02819EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.67 views

CVE-2007-5531

Technical details are not publicly available in the provided documents for CVE-2007-5531. The entry only notes an unspecified vulnerability in Oracle Help for Web with unknown impact and remote vectors. No vendor/version/patch details are given. Monitor for updates.

10CVSS9.1AI score0.0363EPSS
CVE
CVE
added 2012/05/03 10:0 p.m.67 views

CVE-2012-1708

CVE-2012-1708 affects the Oracle Database Server’s Application Express component, specifically versions 4.0 and 4.1. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Connected sources reiterate the same vendor/product scope; no conc...

4.3CVSS6AI score0.02558EPSS
CVE
CVE
added 2012/07/17 10:0 p.m.67 views

CVE-2012-1737

CVE-2012-1737 is an unspecified vulnerability reported in Oracle Enterprise Manager/DB components (e.g., Oracle Database Server 11.1.0.7, 11.2.0.2/11.2.0.3 and EM Grid Control/Plugin components) that allowed remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

6.8CVSS6AI score0.02372EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.67 views

CVE-2014-6563

CVE-2014-6563 is described as an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that could allow remote authenticated users to affect confidentiality via unknown vectors. The provided documents do not incl...

4CVSS5.5AI score0.01454EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.67 views

CVE-2019-2955

CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...

3.9CVSS3.6AI score0.00396EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.66 views

CVE-2001-0942

The CVE concerns Oracle 8.1.6 and 8.1.7 where dbsnmp uses the ORACLE_HOME environment variable to locate and execute the dbsnmp program. A local user can point ORACLE_HOME to an attacker-controlled directory that contains a malicious dbsnmp, enabling arbitrary code execution with local privileges...

4.6CVSS6.9AI score0.00562EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.66 views

CVE-2001-1041

CVE-2001-1041 affects Oracle 8.0.x, 8.1.x, and 9.0.1. The vulnerability arises from a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by ORACLE_HOME, enabling local users to overwrite arbitrary files. The root cause is the mishandling of...

2.1CVSS6.3AI score0.00584EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.66 views

CVE-2006-5332

CVE-2006-5332 concerns Oracle Database components: an unspecified vulnerability in xdb.dbms_xdbz within XMLDB affecting Oracle Database 9.2.0.6 and 10.1.0.4. The DB01 issue is reported as PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure, with evidence that reports of this vulnerability...

9CVSS6.4AI score0.04459EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.66 views

CVE-2010-0853

Technical details for CVE-2010-0853 are not publicly available in the provided documents. No concrete affected product/version or exploit information is provided. Monitor for updates in connected sources for any published specifics.

7.5CVSS6.2AI score0.02916EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.66 views

CVE-2010-0867

CVE-2010-0867 targets Oracle Database JavaVM; connected advisories disclose a privilege escalation/command execution flaw in the DBMS_JAVA/DBMS_JVM_EXP_PERMS paths. Remote authenticated users with CREATE_SESSION can exploit the weakness to execute arbitrary OS commands, potentially with elevated ...

4CVSS5.7AI score0.01327EPSS
CVE
CVE
added 2014/01/15 1:33 a.m.66 views

CVE-2014-0377

CVE-2014-0377 affects Oracle Database Server’s Core RDBMS component on 11.1.0.7, 11.2.0.3/11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to breach confidentiality via vectors related to SYS tables. The NVD entry lists a CVSSv2 base score of 4.0 (MEDIUM) with network a...

4CVSS5.3AI score0.01264EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.66 views

CVE-2014-2478

CVE-2014-2478 affects Oracle Database Server (Core RDBMS) versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via unknown vectors; the exact root cause and exploit details are not disclosed in the ...

2.6CVSS6AI score0.01458EPSS
CVE
CVE
added 2015/04/16 4:0 p.m.66 views

CVE-2015-0455

CVE-2015-0455 affects Oracle Database Server (XDB-XML Database component) across versions 11.2.0.3/11.2.0.4/12.1.0.1/12.1.0.2. The vulnerability is described as unspecified with remote authentication and confidentiality impact; vectors are not detailed in the provided documents. Public details in...

6.8CVSS5.5AI score0.01734EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.66 views

CVE-2018-2875

Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...

5CVSS4.2AI score0.0098EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.66 views

CVE-2019-2956

CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...

5.7CVSS4.9AI score0.01117EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.65 views

CVE-1999-0888

The CVE-1999-0888 entry concerns dbsnmp in Oracle Intelligent Agent. Local users can gain privileges by manipulating the ORACLE_HOME environment variable, which dbsnmp uses to locate the nmiconf.tcl script. The vulnerability affects the component responsible for Oracle Agent operations and has a ...

4.6CVSS6.4AI score0.01075EPSS
CVE
CVE
added 2003/02/21 5:0 a.m.65 views

CVE-2003-0096

Oracle 9i/8i family affected by CVE-2003-0096 due to multiple buffer overflows in Oracle Database: TO_TIMESTAMP_TZ (long conversion string argument), TZ_OFFSET (long time zone argument), and BFILENAME (long DIRECTORY parameter). Remote code execution could be possible. Root cause: buffer overflow...

9CVSS7.8AI score0.15931EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.65 views

CVE-2007-3859

Technical details for CVE-2007-3859 are not publicly available in the provided documents. No specifics on affected product version, root cause, or impact are given here; monitor for updates.

7.5CVSS9.2AI score0.03288EPSS
CVE
CVE
added 2008/01/17 10:0 p.m.65 views

CVE-2008-0339

Oracle Database Server XDB PITRIG_TRUNCATE buffer overflow (CVE-2008-0339) affects Oracle Database Server 10g/10.1.0.5 with XDB.XDB_PITRIG_PKG. A remote, authenticated attacker can exploit a buffer overflow in PITRIG_TRUNCATE by supplying long OWNER/NAME arguments, potentially executing arbitrary...

10CVSS6AI score0.1453EPSS
CVE
CVE
added 2011/10/18 10:0 p.m.65 views

CVE-2011-2322

CVE-2011-2322 affects Oracle Database Server 11.1.0.7 (Database Vault component). The issue, tied to SYSDBA privileges, allows a remote authenticated user to bypass protections and modify user passwords via the OCIPasswordChange API, impacting integrity and availability. The related advisory note...

3.6CVSS5.7AI score0.01053EPSS
CVE
CVE
added 2012/08/10 11:0 p.m.65 views

CVE-2012-3132

CVE-2012-3132 affects Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is a SQL injection in the database server that allows a remote authenticated user to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTX...

6.5CVSS7.5AI score0.01822EPSS
CVE
CVE
added 2016/10/25 2:0 p.m.65 views

CVE-2016-5505

CVE-2016-5505 affects Oracle Database Server (RDBMS Programmable Interface) in versions 11.2.0.4 and 12.1.0.2. The vulnerability is local and allows an attacker to affect confidentiality via unknown vectors; the CVSSv3 base score is 5.5 (Medium) with local access, low attack complexity, and no us...

5.5CVSS5.5AI score0.00386EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.65 views

CVE-2019-2940

Oracle Database Server Core RDBMS vulnerability CVE-2019-2940 affects Oracle Database Server Core RDBMS for versions 12.1.0.2, 12.2.0.1, and 18c. An attacker with Create Session privilege and local logon can compromise the Core RDBMS, potentially enabling unauthorized updates, inserts, or deletes...

2.3CVSS3.1AI score0.00387EPSS
CVE
CVE
added 2024/10/15 7:52 p.m.65 views

CVE-2024-21251

CVE-2024-21251 — Oracle Database Server Java VM component affected versions: 19.3–19.24, 21.3–21.15, 23.4–23.5. Cause: insufficient input validation in the Java VM component. Impact: a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net ca...

3.1CVSS2.7AI score0.00375EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.64 views

CVE-2001-0943

CVE-2001-0943 : Affects Oracle 8.0.5 and 8.1.5 where dbsnmp trusts the PATH environment to locate and execute (1) chown or (2) chgrp). By manipulating PATH, a local attacker can run Trojan Horse programs and gain arbitrary code execution. The description does not specify exploit status, affected ...

7.2CVSS7.2AI score0.01967EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.64 views

CVE-2006-0261

CVE-2006-0261 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5, linked to two Oracle vulnerabilities (DB07 in Dictionary; DB14 in Oracle Label Security) with unspecified impact/attack vectors. A note states researchers claim DB07 involves plaintext storage of the TD...

10CVSS6.9AI score0.06328EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.64 views

CVE-2006-0287

Affected software: Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2. The CVE-2006-0287 entry is described as an unspecified vulnerability with unspecified impact/attack vectors per Oracle (Oracle Vuln# OHS02). Some connected sources (Oracle HTTP Se...

10CVSS9.1AI score0.29006EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.64 views

CVE-2006-3700

CVE-2006-3700 affects Oracle Database 9.2.0.6 and 10.1.0.4 with two concerns (DB04 DAV and DB23 XMLDB). The NVD entry notes unknown impact/attack vectors. A Nessus July 2006 CPU plugin associates CVE-2006-3700 with missing CPU and lists impacted components including DAV/XMLDB; remediation guidanc...

10CVSS6.6AI score0.04842EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.64 views

CVE-2007-2112

CVE-2007-2112 is an authentication bypass in Oracle Database 10.1.0.5 and 10.2.0.3 (DB05). The description states that remote authenticated users may bypass the AUTH_ALTER_SESSION policy via an AFTER LOGON ON DATABASE trigger, and notes this as related to CVE-2006-0547. The connected documents al...

6CVSS6.1AI score0.04031EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.64 views

CVE-2007-2117

CVE-2007-2117 concerns Oracle Text in Oracle Database 9.0.1.5+ and 9.2.0.5; the note from 2007 CPU claims a buffer overflow in the ctxsrv server daemon, but the impact and exploit details are not publicly provided in the supplied documents. No remediation/patch details are specified here.

6.8CVSS6.7AI score0.00563EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.64 views

CVE-2009-1992

CVE-2009-1992 affects Oracle Database Core RDBMS components (versions 9.2.0.8, 10.1.0.5, 10.2.0.4). The vulnerability allows remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The issue is listed in the Oracle October 2009 CPU with a Base Score of 10.0 (C...

10CVSS6AI score0.04222EPSS
Total number of security vulnerabilities516