516 matches found
CVE-2003-0222
CVE-2003-0222 : A stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows an attacker to execute arbitrary code via a CREATE DATABASE LINK query containing a connect string with a long USING parameter. The vulnerability requires a valid databa...
CVE-2006-0547
CVE-2006-0547 affects Oracle Database 8i, 9i, and 10g. The issue arises in the authentication phase of the Transparent Network Substrate (TNS) protocol where a modified AUTH_ALTER_SESSION attribute can be exploited by remote authenticated users to execute arbitrary SQL statements in the context o...
CVE-2007-2116
Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...
CVE-2007-2119
CVE-2007-2119 is an XSS vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search. The issue affects boundary_rules.jsp and allows remote attackers to inject arbitrary HTML or script via the EXPTYPE parameter. Affected components include the Oracle Database Server variant...
CVE-2007-5505
CVE-2007-5505 affects Oracle Database versions 9.0.1.5+; 9.2.0.8/9.2.0.8DV; 10.1.0.5; 10.2.0.3. Reported vulnerabilities relate to the Export component (DB02), Oracle Text (DB04/DB05), Spatial (DB07), and Advanced Security Option (DB19) with unknown impact and remote attack vectors. Connected sou...
CVE-2007-5520
Technical details for CVE-2007-5520 are not publicly provided in the supplied documents; the entry remains with unspecified impact and remote vectors. Monitor for updates from official advisories to obtain affected products, versions, and remediation guidance.
CVE-2009-1991
CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...
CVE-2012-1708
CVE-2012-1708 affects the Oracle Database Server’s Application Express component, specifically versions 4.0 and 4.1. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Connected sources reiterate the same vendor/product scope; no conc...
CVE-2013-1538
CVE-2013-1538 affects Oracle Database Server 11.2.0.2 and 11.2.0.3 in the Network Layer component, enabling remote impact to availability via unknown vectors. The vulnerability is described as unspecified in the Network Layer, with no exploited details provided in the initial or connected documen...
CVE-2018-3004
CVE-2018-3004 concerns the Oracle Database Server’s Java VM component. Affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.2. A low-privilege attacker with Create Session and Create Procedure privileges and network access via multiple protocols can potentially compromise the Java VM, leadin...
CVE-2004-1338
CVE-2004-1338 affects Oracle 9i and 10g. The flaw lets local users escalate privileges by abusing CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to seed arbitrary functions into SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then deleting from SDO_TXN_IDX_INSERTS to trigger SDO_CMT_CBK_TRIG, which executes ...
CVE-2009-3413
CVE-2009-3413 affects Oracle Database with the Spatial component in versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability is exploitable remotely over Oracle Net by an authenticated user to impact confidentiality and integrity (vector: network, session creation). The NECESSARY ro...
CVE-2012-1737
CVE-2012-1737 is an unspecified vulnerability reported in Oracle Enterprise Manager/DB components (e.g., Oracle Database Server 11.1.0.7, 11.2.0.2/11.2.0.3 and EM Grid Control/Plugin components) that allowed remote attackers to affect confidentiality, integrity, and availability via unknown vecto...
CVE-2014-0377
CVE-2014-0377 affects Oracle Database Server’s Core RDBMS component on 11.1.0.7, 11.2.0.3/11.2.0.4, and 12.1.0.1. The vulnerability allows remote authenticated users to breach confidentiality via vectors related to SYS tables. The NVD entry lists a CVSSv2 base score of 4.0 (MEDIUM) with network a...
CVE-2015-0370
CVE-2015-0370 corresponds to an unspecified vulnerability in Oracle Database Server’s Core RDBMS component. The initial description lists affected Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1, with remote authenticated access impacting integrity (no confidentiality i...
CVE-2015-0371
CVE-2015-0371 affects Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as an unspecified issue in the Core RDBMS component that allows remote authenticated users to affect integrity and availability via unknown vectors. The CVSS v2 base score is 4....
CVE-2015-0455
CVE-2015-0455 affects Oracle Database Server (XDB-XML Database component) across versions 11.2.0.3/11.2.0.4/12.1.0.1/12.1.0.2. The vulnerability is described as unspecified with remote authentication and confidentiality impact; vectors are not detailed in the provided documents. Public details in...
CVE-2015-4740
CVE-2015-4740 is an Oracle Database Server vulnerability in the RDBMS Partitioning component affecting versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. The issue allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors. Connected s...
CVE-2020-2527
CVE-2020-2527 — Oracle Database Core RDBMS affects Oracle Database Server core RDBMS on 12.1.0.2, 12.2.0.1, 18c, 19c. Exploitation requires a high-privilege user (Create Index/Create Table) with OracleNet network access and can lead to unauthorized read access of a subset of Core RDBMS data. CVSS...
CVE-2001-1041
CVE-2001-1041 affects Oracle 8.0.x, 8.1.x, and 9.0.1. The vulnerability arises from a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by ORACLE_HOME, enabling local users to overwrite arbitrary files. The root cause is the mishandling of...
CVE-2005-3445
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2005-3641
CVE-2005-3641 affects Oracle Databases running on Windows XP with Simple File Sharing enabled. The vulnerability allows remote attackers to bypass authentication by supplying a valid username. The available documents describe the affected environment and authentication bypass impact but do not pr...
CVE-2006-0262
Technical details for CVE-2006-0262 are not publicly provided in the supplied documents; no explicit affected versions or remediation are included. Monitor for updates.
CVE-2006-0285
CVE-2006-0285 is an unspecified vulnerability in the Java Net component of Oracle Database Server (versions 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.4) and Oracle Application Server (1.0.2.2, 9.0.4.2, 10.1.2.0.2). The available documents describe the issue as having unspecified impact and ...
CVE-2007-0268
CVE-2007-0268 affects Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5, with vulnerabilities in Advanced Queuing (sys.dbms_aqsys.dbms_aq privileges DB01), Advanced Replication (sys.dbms_repcat_untrusted DB07), and Oracle Text (ctxload DB15). The underlying impact/attack vectors are not fully detail...
CVE-2007-5531
Technical details are not publicly available in the provided documents for CVE-2007-5531. The entry only notes an unspecified vulnerability in Oracle Help for Web with unknown impact and remote vectors. No vendor/version/patch details are given. Monitor for updates.
CVE-2010-0867
CVE-2010-0867 targets Oracle Database JavaVM; connected advisories disclose a privilege escalation/command execution flaw in the DBMS_JAVA/DBMS_JVM_EXP_PERMS paths. Remote authenticated users with CREATE_SESSION can exploit the weakness to execute arbitrary OS commands, potentially with elevated ...
CVE-2014-2478
CVE-2014-2478 affects Oracle Database Server (Core RDBMS) versions 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via unknown vectors; the exact root cause and exploit details are not disclosed in the ...
CVE-2014-6563
CVE-2014-6563 is described as an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that could allow remote authenticated users to affect confidentiality via unknown vectors. The provided documents do not incl...
CVE-2018-2575
CVE-2018-2575 concerns Oracle Database Server — Core RDBMS component. Affects Windows platforms for the following Oracle Database versions: 11.2.0.4, 12.1.0.2, and 12.2.0.1. The vulnerability is exploitable by a user with Local Logon privilege who can access the system over multiple network proto...
CVE-2019-2940
Oracle Database Server Core RDBMS vulnerability CVE-2019-2940 affects Oracle Database Server Core RDBMS for versions 12.1.0.2, 12.2.0.1, and 18c. An attacker with Create Session privilege and local logon can compromise the Core RDBMS, potentially enabling unauthorized updates, inserts, or deletes...
CVE-2019-2956
CVE-2019-2956 affects Oracle Database Server: Core RDBMS (jackson-databind). Affected versions: 12.1.0.2, 12.2.0.1, 18c, 19c. Vulnerability allows a low-privileged attacker with Create Session and network access via multiple protocols to cause a hang or crash (DOS) of Core RDBMS (jackson-databind...
CVE-2001-0942
The CVE concerns Oracle 8.1.6 and 8.1.7 where dbsnmp uses the ORACLE_HOME environment variable to locate and execute the dbsnmp program. A local user can point ORACLE_HOME to an attacker-controlled directory that contains a malicious dbsnmp, enabling arbitrary code execution with local privileges...
CVE-2006-3700
CVE-2006-3700 affects Oracle Database 9.2.0.6 and 10.1.0.4 with two concerns (DB04 DAV and DB23 XMLDB). The NVD entry notes unknown impact/attack vectors. A Nessus July 2006 CPU plugin associates CVE-2006-3700 with missing CPU and lists impacted components including DAV/XMLDB; remediation guidanc...
CVE-2006-5332
CVE-2006-5332 concerns Oracle Database components: an unspecified vulnerability in xdb.dbms_xdbz within XMLDB affecting Oracle Database 9.2.0.6 and 10.1.0.4. The DB01 issue is reported as PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure, with evidence that reports of this vulnerability...
CVE-2007-2112
CVE-2007-2112 is an authentication bypass in Oracle Database 10.1.0.5 and 10.2.0.3 (DB05). The description states that remote authenticated users may bypass the AUTH_ALTER_SESSION policy via an AFTER LOGON ON DATABASE trigger, and notes this as related to CVE-2006-0547. The connected documents al...
CVE-2007-3859
Technical details for CVE-2007-3859 are not publicly available in the provided documents. No specifics on affected product version, root cause, or impact are given here; monitor for updates.
CVE-2010-0853
Technical details for CVE-2010-0853 are not publicly available in the provided documents. No concrete affected product/version or exploit information is provided. Monitor for updates in connected sources for any published specifics.
CVE-2010-0870
CVE-2010-0870 affects Oracle Database 9.2.0.8 and 9.2.0.8DV in the Change Data Capture component, related to SYS.DBMS_CDC_PUBLISH. Connected sources describe a SQL injection flaw in the DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure that can be exploited by any user with execute privilege (default...
CVE-2014-2408
CVE-2014-2408 affects Oracle Database Server 11.1.0.7, 11.2.0.3/4, and 12.1.0.1, targeting the Core RDBMS component. The vulnerability is described as using unknown vectors related to the Grant Any Object Privilege and can potentially impact confidentiality and integrity when accessed by remote, ...
CVE-2016-5505
CVE-2016-5505 affects Oracle Database Server (RDBMS Programmable Interface) in versions 11.2.0.4 and 12.1.0.2. The vulnerability is local and allows an attacker to affect confidentiality via unknown vectors; the CVSSv3 base score is 5.5 (Medium) with local access, low attack complexity, and no us...
CVE-2018-2875
Oracle Database Server CVE-2018-2875 affects the Core RDBMS component in Oracle Database Server and targets 12.2.0.1, 18c, and 19c. A low-privilege attacker with Create Session and network access via OracleNet can read a subset of Core RDBMS data. The vulnerability’s CVSS v3.0 base score is 5.0 (...
CVE-1999-0888
The CVE-1999-0888 entry concerns dbsnmp in Oracle Intelligent Agent. Local users can gain privileges by manipulating the ORACLE_HOME environment variable, which dbsnmp uses to locate the nmiconf.tcl script. The vulnerability affects the component responsible for Oracle Agent operations and has a ...
CVE-2003-0096
Oracle 9i/8i family affected by CVE-2003-0096 due to multiple buffer overflows in Oracle Database: TO_TIMESTAMP_TZ (long conversion string argument), TZ_OFFSET (long time zone argument), and BFILENAME (long DIRECTORY parameter). Remote code execution could be possible. Root cause: buffer overflow...
CVE-2006-0261
CVE-2006-0261 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5, linked to two Oracle vulnerabilities (DB07 in Dictionary; DB14 in Oracle Label Security) with unspecified impact/attack vectors. A note states researchers claim DB07 involves plaintext storage of the TD...
CVE-2006-0549
Technical details about CVE-2005-0549 are not publicly available in the provided connected documents. Monitor for updates from Oracle advisories and vulnerability databases before drawing conclusions about impact or remediation.
CVE-2007-2117
CVE-2007-2117 concerns Oracle Text in Oracle Database 9.0.1.5+ and 9.2.0.5; the note from 2007 CPU claims a buffer overflow in the ctxsrv server daemon, but the impact and exploit details are not publicly provided in the supplied documents. No remediation/patch details are specified here.
CVE-2008-0339
Oracle Database Server XDB PITRIG_TRUNCATE buffer overflow (CVE-2008-0339) affects Oracle Database Server 10g/10.1.0.5 with XDB.XDB_PITRIG_PKG. A remote, authenticated attacker can exploit a buffer overflow in PITRIG_TRUNCATE by supplying long OWNER/NAME arguments, potentially executing arbitrary...
CVE-2009-1992
CVE-2009-1992 affects Oracle Database Core RDBMS components (versions 9.2.0.8, 10.1.0.5, 10.2.0.4). The vulnerability allows remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The issue is listed in the Oracle October 2009 CPU with a Base Score of 10.0 (C...
CVE-2009-1993
CVE-2009-1993 affects Oracle Application Express (Apex) within Oracle Database 3.0.1. The vulnerability allows remote authenticated users to affect confidentiality and integrity through FLOWS_030000.WWV_EXECUTE_IMMEDIATE. The October 2009 CPU includes a fix for this, as part of the Oracle Databas...