516 matches found
CVE-2006-0267
CVE-2006-0267 affects Oracle Database Server 9.2.0.6 and 10.1.0.4, specifically the Query Optimizer component. The vulnerability’s impact is described as unspecified by Oracle Vuln# DB20, with the NVD entry noting a high base score (CVSS v2: 9.0) and a network attack vector with required low comp...
CVE-2006-0271
CVE-2006-0271 affectsOracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 in the Upgrade & Downgrade component. The description notes an Oracle claim that the issue is SQL injection in the DBMS_REGISTRY package for parameters to IS_COMPONENT, GET_COMP_OPTION, DISABLE_DDL_TRIGGE...
CVE-2006-0547
CVE-2006-0547 affects Oracle Database 8i, 9i, and 10g. The issue arises in the authentication phase of the Transparent Network Substrate (TNS) protocol where a modified AUTH_ALTER_SESSION attribute can be exploited by remote authenticated users to execute arbitrary SQL statements in the context o...
CVE-2007-0272
The CVE-2007-0272 issue affects Oracle Database Server (MDSYS.MD package) and is confirmed by connected sources. A buffer overflow in MDSYS.MD allows remote authenticated users to crash the server or run arbitrary code, via public procedures in Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, ...
CVE-2007-2119
CVE-2007-2119 is an XSS vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search. The issue affects boundary_rules.jsp and allows remote attackers to inject arbitrary HTML or script via the EXPTYPE parameter. Affected components include the Oracle Database Server variant...
CVE-2007-5505
CVE-2007-5505 affects Oracle Database versions 9.0.1.5+; 9.2.0.8/9.2.0.8DV; 10.1.0.5; 10.2.0.3. Reported vulnerabilities relate to the Export component (DB02), Oracle Text (DB04/DB05), Spatial (DB07), and Advanced Security Option (DB19) with unknown impact and remote attack vectors. Connected sou...
CVE-2009-1991
CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...
CVE-2009-3413
CVE-2009-3413 affects Oracle Database with the Spatial component in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is exploitable remotely over Oracle Net by an authenticated user to impact confidentiality and integrity (vector: network, session creation). The NECESSARY ro...
CVE-2015-0370
CVE-2015-0370 corresponds to an unspecified vulnerability in Oracle Database Server’s Core RDBMS component. The initial description lists affected Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1, with remote authenticated access impacting integrity (no confidentiality i...
CVE-2015-0371
CVE-2015-0371 affects Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as an unspecified issue in the Core RDBMS component that allows remote authenticated users to affect integrity and availability via unknown vectors. The CVSS v2 base score is 4....
CVE-2015-4740
CVE-2015-4740 is an Oracle Database Server vulnerability in the RDBMS Partitioning component affecting versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Connected s...
CVE-2019-2913
CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...
CVE-2020-2527
CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...
CVE-2004-1338
CVE-2004-1338 affects Oracle 9i and 10g. The flaw lets local users escalate privileges by abusing CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to seed arbitrary functions into SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then deleting from SDO_TXN_IDX_INSERTS to trigger SDO_CMT_CBK_TRIG, which executes ...
CVE-2005-3445
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2005-3641
CVE-2005-3641 affects Oracle Databases running on Windows XP with Simple File Sharing enabled. The vulnerability allows remote attackers to bypass authentication by supplying a valid username. The available documents describe the affected environment and authentication bypass impact but do not pr...
CVE-2006-0262
Technical details for CVE-2006-0262 are not publicly provided in the supplied documents; no explicit affected versions or remediation are included. Monitor for updates.
CVE-2006-0285
CVE-2006-0285 is an unspecified vulnerability in the Java Net component of Oracle Database Server (versions 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.4) and Oracle Application Server (1.0.2.2, 9.0.4.2, 10.1.2.0.2). The available documents describe the issue as having unspecified impact and ...
CVE-2007-0268
CVE-2007-0268 affects Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5, with vulnerabilities in Advanced Queuing (sys.dbms_aqsys.dbms_aq privileges DB01), Advanced Replication (sys.dbms_repcat_untrusted DB07), and Oracle Text (ctxload DB15). The underlying impact/attack vectors are not fully detail...
CVE-2007-5531
Technical details are not publicly available in the provided documents for CVE-2007-5531. The entry only notes an unspecified vulnerability in Oracle Help for Web with unknown impact and remote vectors. No vendor/version/patch details are given. Monitor for updates.
CVE-2012-1708
CVE-2012-1708 affects the Oracle Database Server’s Application Express component, specifically versions 4.0 and 4.1. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Connected sources reiterate the same vendor/product scope; no conc...
CVE-2012-1737
CVE-2012-1737 is an unspecified vulnerability reported in Oracle Enterprise Manager/DB components (e.g., Oracle Database Server 11.1.0.7, 11.2.0.2/11.2.0.3 and EM Grid Control/Plugin components) that allowed remote attackers to affect confidentiality, integrity, and availability via unknown vecto...
CVE-2014-6563
CVE-2014-6563 is described as an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that could allow remote authenticated users to affect confidentiality via unknown vectors. The provided documents do not incl...
CVE-2019-2955
CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...
CVE-2001-0942
The CVE concerns Oracle 8.1.6 and 8.1.7 where dbsnmp uses the ORACLE_HOME environment variable to locate and execute the dbsnmp program. A local user can point ORACLE_HOME to an attacker-controlled directory that contains a malicious dbsnmp, enabling arbitrary code execution with local privileges...
CVE-2001-1041
CVE-2001-1041 affects Oracle 8.0.x, 8.1.x, and 9.0.1. The vulnerability arises from a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by ORACLE_HOME, enabling local users to overwrite arbitrary files. The root cause is the mishandling of...
CVE-2006-5332
CVE-2006-5332 concerns Oracle Database components: an unspecified vulnerability in xdb.dbms_xdbz within XMLDB affecting Oracle Database 9.2.0.6 and 10.1.0.4. The DB01 issue is reported as PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure, with evidence that reports of this vulnerability...
CVE-2010-0853
Technical details for CVE-2010-0853 are not publicly available in the provided documents. No concrete affected product/version or exploit information is provided. Monitor for updates in connected sources for any published specifics.
CVE-2010-0867
CVE-2010-0867 targets Oracle Database JavaVM; connected advisories disclose a privilege escalation/command execution flaw in the DBMS_JAVA/DBMS_JVM_EXP_PERMS paths. Remote authenticated users with CREATE_SESSION can exploit the weakness to execute arbitrary OS commands, potentially with elevated ...
CVE-2014-0377
CVE-2014-0377 affects Oracle Database Server’s Core RDBMS component on 11.1.0.7, 11.2.0.3/11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to breach confidentiality via vectors related to SYS tables. The NVD entry lists a CVSSv2 base score of 4.0 (MEDIUM) with network a...
CVE-2014-2478
CVE-2014-2478 affects Oracle Database Server (Core RDBMS) versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via unknown vectors; the exact root cause and exploit details are not disclosed in the ...
CVE-2015-0455
CVE-2015-0455 affects Oracle Database Server (XDB-XML Database component) across versions 11.2.0.3/11.2.0.4/12.1.0.1/12.1.0.2. The vulnerability is described as unspecified with remote authentication and confidentiality impact; vectors are not detailed in the provided documents. Public details in...
CVE-2018-2875
Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...
CVE-2019-2956
CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...
CVE-1999-0888
The CVE-1999-0888 entry concerns dbsnmp in Oracle Intelligent Agent. Local users can gain privileges by manipulating the ORACLE_HOME environment variable, which dbsnmp uses to locate the nmiconf.tcl script. The vulnerability affects the component responsible for Oracle Agent operations and has a ...
CVE-2003-0096
Oracle 9i/8i family affected by CVE-2003-0096 due to multiple buffer overflows in Oracle Database: TO_TIMESTAMP_TZ (long conversion string argument), TZ_OFFSET (long time zone argument), and BFILENAME (long DIRECTORY parameter). Remote code execution could be possible. Root cause: buffer overflow...
CVE-2007-3859
Technical details for CVE-2007-3859 are not publicly available in the provided documents. No specifics on affected product version, root cause, or impact are given here; monitor for updates.
CVE-2008-0339
Oracle Database Server XDB PITRIG_TRUNCATE buffer overflow (CVE-2008-0339) affects Oracle Database Server 10g/10.1.0.5 with XDB.XDB_PITRIG_PKG. A remote, authenticated attacker can exploit a buffer overflow in PITRIG_TRUNCATE by supplying long OWNER/NAME arguments, potentially executing arbitrary...
CVE-2011-2322
CVE-2011-2322 affects Oracle Database Server 11.1.0.7 (Database Vault component). The issue, tied to SYSDBA privileges, allows a remote authenticated user to bypass protections and modify user passwords via the OCIPasswordChange API, impacting integrity and availability. The related advisory note...
CVE-2012-3132
CVE-2012-3132 affects Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is a SQL injection in the database server that allows a remote authenticated user to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTX...
CVE-2016-5505
CVE-2016-5505 affects Oracle Database Server (RDBMS Programmable Interface) in versions 11.2.0.4 and 12.1.0.2. The vulnerability is local and allows an attacker to affect confidentiality via unknown vectors; the CVSSv3 base score is 5.5 (Medium) with local access, low attack complexity, and no us...
CVE-2019-2940
Oracle Database Server Core RDBMS vulnerability CVE-2019-2940 affects Oracle Database Server Core RDBMS for versions 12.1.0.2, 12.2.0.1, and 18c. An attacker with Create Session privilege and local logon can compromise the Core RDBMS, potentially enabling unauthorized updates, inserts, or deletes...
CVE-2024-21251
CVE-2024-21251 — Oracle Database Server Java VM component affected versions: 19.3–19.24, 21.3–21.15, 23.4–23.5. Cause: insufficient input validation in the Java VM component. Impact: a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net ca...
CVE-2001-0943
CVE-2001-0943 : Affects Oracle 8.0.5 and 8.1.5 where dbsnmp trusts the PATH environment to locate and execute (1) chown or (2) chgrp). By manipulating PATH, a local attacker can run Trojan Horse programs and gain arbitrary code execution. The description does not specify exploit status, affected ...
CVE-2006-0261
CVE-2006-0261 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5, linked to two Oracle vulnerabilities (DB07 in Dictionary; DB14 in Oracle Label Security) with unspecified impact/attack vectors. A note states researchers claim DB07 involves plaintext storage of the TD...
CVE-2006-0287
Affected software: Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2. The CVE-2006-0287 entry is described as an unspecified vulnerability with unspecified impact/attack vectors per Oracle (Oracle Vuln# OHS02). Some connected sources (Oracle HTTP Se...
CVE-2006-3700
CVE-2006-3700 affects Oracle Database 9.2.0.6 and 10.1.0.4 with two concerns (DB04 DAV and DB23 XMLDB). The NVD entry notes unknown impact/attack vectors. A Nessus July 2006 CPU plugin associates CVE-2006-3700 with missing CPU and lists impacted components including DAV/XMLDB; remediation guidanc...
CVE-2007-2112
CVE-2007-2112 is an authentication bypass in Oracle Database 10.1.0.5 and 10.2.0.3 (DB05). The description states that remote authenticated users may bypass the AUTH_ALTER_SESSION policy via an AFTER LOGON ON DATABASE trigger, and notes this as related to CVE-2006-0547. The connected documents al...
CVE-2007-2117
CVE-2007-2117 concerns Oracle Text in Oracle Database 9.0.1.5+ and 9.2.0.5; the note from 2007 CPU claims a buffer overflow in the ctxsrv server daemon, but the impact and exploit details are not publicly provided in the supplied documents. No remediation/patch details are specified here.
CVE-2009-1992
CVE-2009-1992 affects Oracle Database Core RDBMS components (versions 9.2.0.8, 10.1.0.5, 10.2.0.4). The vulnerability allows remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The issue is listed in the Oracle October 2009 CPU with a Base Score of 10.0 (C...