516 matches found
CVE-2007-2117
CVE-2007-2117 concerns Oracle Text in Oracle Database 9.0.1.5+ and 9.2.0.5; the note from 2007 CPU claims a buffer overflow in the ctxsrv server daemon, but the impact and exploit details are not publicly provided in the supplied documents. No remediation/patch details are specified here.
CVE-2009-1992
CVE-2009-1992 affects Oracle Database Core RDBMS components (versions 9.2.0.8, 10.1.0.5, 10.2.0.4). The vulnerability allows remote attackers to impact confidentiality, integrity, and availability via unknown vectors. The issue is listed in the Oracle October 2009 CPU with a Base Score of 10.0 (C...
CVE-2009-1993
CVE-2009-1993 affects Oracle Application Express (Apex) within Oracle Database 3.0.1. The vulnerability allows remote authenticated users to affect confidentiality and integrity through FLOWS_030000.WWV_EXECUTE_IMMEDIATE. The October 2009 CPU includes a fix for this, as part of the Oracle Databas...
CVE-2009-3415
Concrete details available: CVE-2009-3415 is listed in Oracle CPU January 2010 as affecting Oracle OLAP within Oracle Database 9.2.0.8/9.2.0.8DV, 10.1.0.5 and 10.2.0.3. The vulnerability is mapped to Oracle OLAP with remote impact pathway requiring an authenticated session (Remote Exploit without...
CVE-2010-0870
CVE-2010-0870 affects Oracle Database 9.2.0.8 and 9.2.0.8DV in the Change Data Capture component, related to SYS.DBMS_CDC_PUBLISH. Connected sources describe a SQL injection flaw in the DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure that can be exploited by any user with execute privilege (default...
CVE-2012-1747
CVE-2012-1747 affects Oracle Database Server on Windows (versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.2/11.2.0.3). The Network Layer component is implicated in an unspecified vulnerability that allows remote attackers to impact availability via unknown vectors (distinct from CVE-2012-1746)...
CVE-2013-1554
CVE-2013-1554 affects Oracle Database Server (versions 10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.2/11.2.0.3) with an unspecified vulnerability in the Network Layer component that could allow remote attackers to impact availability via unknown vectors. The risk is described as a network-exposed issue with...
CVE-2013-5764
CVE-2013-5764 affects Oracle Database Server’s Core RDBMS in versions 11.1.0.7, 11.2.0.3, and 12.1.0.1. The vulnerability is described as unspecified and allows remote authenticated users to impact availability via unknown vectors. Root cause and exact exploit details are not provided in the init...
CVE-2014-6452
Technical details for CVE-2014-6452 are not publicly provided in the connected documents; no explicit affected products, root cause, impact, or remediation are given here. Monitor for updates.
CVE-2018-2575
CVE-2018-2575 concerns Oracle Database Server — Core RDBMS component. Affects Windows platforms for the following Oracle Database versions: 11.2.0.4, 12.1.0.2, and 12.2.0.1. The vulnerability is exploitable by a user with Local Logon privilege who can access the system over multiple network proto...
CVE-2004-1339
CVE-2004-1339 affects Oracle 9i and 10g via two default triggers (MDSYS.SDO_GEOM_TRIG_INS1 and MDSYS.SDO_LRS_TRIG_INS). The vulnerability is a SQL injection that allows remote attackers to execute arbitrary SQL commands through the new.table_name or new.column_name parameters within those trigger...
CVE-2005-0298
CVE-2005-0298 concerns Oracle 8i–10g DIRECTORY objects that expose the location of a specific operating system directory. Read access to such a DIRECTORY object can allow a user to obtain sensitive information about the OS directory path, indicating a potential information-disclosure risk. The pr...
CVE-2005-3446
Technical details for CVE-2005-3446 are not publicly available in the provided documents. Monitor for updates.
CVE-2008-0341
The CVE-2008-0341 entry concerns Oracle Database’s Advanced Queuing component in versions 9.0.1.5 FIPS+ and 10.1.0.5, described as an unspecified vulnerability with unknown impact and remote attack vectors (DB03). Connected sources corroborate a family of unspecified Oracle Database vulnerabiliti...
CVE-2009-1971
CVE-2009-1971 affects Oracle Database Data Pump in 10.1.0.5, 10.2.0.3, and 11.1.0.7. Root cause and vectors are not described in the Initial Document, but the vulnerability allows remote authenticated users to affect integrity via unknown vectors. The issue is acknowledged in the Oracle October 2...
CVE-2010-0851
CVE-2010-0851 affects the Oracle Database XML DB component. The vulnerability exists in Oracle Database versions 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3, caused by an unspecified issue that allows remote authenticated users to affect confidentiality via unknown vectors. The connected documents...
CVE-2012-1745
CVE-2012-1745 affects Oracle Database Server (versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3) in the Network Layer. The vulnerability is described as unspecified and allows remote attackers to affect availability via unknown vectors. The cited sources do not provide a concret...
CVE-2012-3146
CVE-2012-3146 affects Oracle Database Server Core RDBMS components across multiple versions (10.2.0.x to 11.2.0.x). The vulnerability is described as unspecified and exploitable by remote authenticated users to impact integrity via unknown vectors. The linked documents indicate this CVE is includ...
CVE-2013-3789
CVE-2013-3789 affects Oracle Database Server Core RDBMS. Affected are Oracle Database Server versions 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as unspecified but allows remote authenticated users to impact confidentiality, integrity, and availability vi...
CVE-2013-5771
CVE-2013-5771 concerns Oracle Database Server XML Parser vulnerabilities in Oracle Database Server versions 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1. The issue, described as an unspecified vulnerability in the XML Parser component, could allow remote attackers to affect confidentiality and avai...
CVE-2016-5499
Technical details about CVE-2016-5499 are not provided in the supplied documents; no affected product versions, root cause, or remediation are disclosed. Monitor for updates.
CVE-2006-0286
The CVE-2006-0286 entry concerns Oracle HTTP Server in Oracle Database Server (various versions). The connected documents identify an unspecified vulnerability with unspecified impact/attack vectors (Oracle Vuln# OHS01) and reference multiple advisories noting potential information disclosure and...
CVE-2006-0549
Technical details about CVE-2005-0549 are not publicly available in the provided connected documents. Monitor for updates from Oracle advisories and vulnerability databases before drawing conclusions about impact or remediation.
CVE-2006-5344
The CVE-2006-5344 issue concerns a buffer overflow in the Oracle Spatial component (SDO_CS.TRANSFORM_LAYER) of Oracle Database, exploitable by an authenticated user with EXECUTE privileges. Public details indicate the vulnerability affects Oracle Database 9.2.0.1 and 10.1.0.2, where crafting a ca...
CVE-2007-0274
CVE-2007-0274 affects Oracle Database 9.2.0.7 and 10.1.0.5. The Connected document notes buffer overflow issues in DBMS_LOGREP_UTIL.GET_OBJECT_NAME (DB08) and in SYS.DBMS_CAPTURE_ADM_INTERNAL procedures CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION (DB09). The exact impact and atta...
CVE-2009-1964
CVE-2009-1964 affects Oracle Database 10.2.0.4 Workspace Manager. Description: an unspecified vulnerability that allows remote authenticated users to impact confidentiality and integrity via unknown vectors. CVSS (NVD) indicates network access with low complexity and partial confidentiality/integ...
CVE-2012-0511
CVE-2012-0511 refers to an unspecified vulnerability in the OCI component of Oracle Database Server (versions 10.2.0.3/10.2.0.4/11.1.0.7) that allows remote attackers to impact confidentiality and integrity via unknown vectors. Connected advisories reveal concrete details: the OCIPasswordChange A...
CVE-2014-2408
CVE-2014-2408 affects Oracle Database Server 11.1.0.7, 11.2.0.3/4, and 12.1.0.1, targeting the Core RDBMS component. The vulnerability is described as using unknown vectors related to the Grant Any Object Privilege and can potentially impact confidentiality and integrity when accessed by remote, ...
CVE-2014-4298
CVE-2014-6542 is an Oracle Database Server vulnerability affecting the SQLJ component in versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2 . The issue allows remote authenticated users to affect confidentiality via unknown vectors. This is described as a separate vulnerability from CVE-20...
CVE-2014-6544
CVE-2014-6544 corresponds to an unspecified vulnerability in the JDBC component of Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1). The description notes remote authenticated access affecting confidentiality and integrity via unknown vectors, and explicitly states it is a...
CVE-2004-2345
Oracle9i Database Server versions 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 are affected by unknown local vulnerabilities that allow a user with SQL access to cause a denial of service or to obtain sensitive information. The available documents confirm the affected product versions and the general i...
CVE-2005-3206
CVE-2005-3206 affects iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 (9.0.2.4). The issue enables remote attackers to cause a denial of service by sending an HTTP request with an sid parameter containing a STOP command, which can stop the TNS listener. The available connected documen...
CVE-2006-1875
CVE-2006-1875 concerns Oracle Database Server versions 9.0.1.5, 9.2.0.7, and 10.1.0.5 with an unspecified vulnerability in the Oracle Spatial component (aka Vuln# DB11). The connected sources indicate the issue has unknown impact and attack vectors in Spatial, and note a researcher claim that the...
CVE-2006-1877
Technical details about CVE-2006-1877 are not provided in the supplied documents. The Oracle Spatial vulnerability is described as unspecified with unknown impact and vectors.
CVE-2006-5336
Technical details for CVE-2006-5336 are not publicly provided in the connected documents; no affected products, versions, or fixes are specified here. Monitor for updates.
CVE-2006-5345
CVE-2006-5345 is an unspecified vulnerability in the Oracle Spatial component of Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4. The entry notes remote authenticated attack vectors related to mdsys.sdo_geom and cites a possible relation to a length-checking issue in RELATE before MD2.RELATE is ca...
CVE-2007-0269
CVE-2007-0269 affects Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3. The description specifies an unspecified vulnerability with unknown impact and attack vectors linked to Change Data Capture and the sys.dbms_cdc_subscribe privileges (aka DB02). The connected documents provide no concrete expl...
CVE-2007-2114
CVE-2007-2114 refers to multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2, specifically affecting Change Data Capture (CDC, DB08) and Oracle Instant Client (DB11). The description notes reliable claims that these issues are buffer overflows involving a long CHANGE_TABL...
CVE-2007-5507
CVE-2007-5507 concerns the Oracle Net Services GIOP service on the TNS Listener. The vulnerability, affecting Oracle Database 9.0.1.5+ and certain 9.x/10.x releases, arises when handling a connect GIOP packet with an invalid data size, causing a buffer over-read. This can allow remote attackers t...
CVE-2012-1746
CVE-2012-1746 concerns an unspecified vulnerability in the Oracle Database Server Network Layer on Windows, affecting versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.2/11.2.0.3. The vulnerability allows remote attackers to affect availability via unknown vectors; root cause details and exploi...
CVE-2012-1751
CVE-2012-1751 affects Oracle Database Server Core RDBMS (11.1.0.7, 11.2.0.2, 11.2.0.3). The vulnerability is triggered by SQL injection when renaming a flashback-enabled table (flashback archive) via specially crafted table name, allowing remote authenticated attackers to elevate privileges and p...
CVE-2013-3826
CVE-2013-3826 is mapped to Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 under the Core RDBMS component. The description indicates an unspecified vulnerability allowing remote attackers to affect confidentiality via unknown vectors. The NVD entry assigns a CVSS v2 base score o...
CVE-2014-6542
Technical details for CVE-2014-6542 are not publicly provided in the connected documents. The sources lack explicit affected components, versions, root cause, or fixes. Monitor for updates.
CVE-2008-0342
The CVE-2008-0342 entry affects Oracle Database Upgrade/Downgrade component in Oracle Database versions 9.2.0.8, 10.1.0.5, and 10.2.0.3. The vulnerability is described as unspecified with unknown impact and remote attack vectors (DB05). No explicit root-cause, exploit details, or remediation are ...
CVE-2009-1994
CVE-2009-1994 is an Oracle Database 10.1.0.5 vulnerability in the Spatial component (MDSYS.PRVT_CMT_CBK). The issue is listed under the October 2009 CPU with CVSS v2 base score 6.5 (MEDIUM). It can be triggered by an authenticated remote user via Oracle Net to execute code on MDSYS.PRVT_CMT_CBK, ...
CVE-2009-1995
CVE-2009-1995 is an Oracle Database vulnerability affecting the Advanced Queuing component (SYS.DBMS_AQ_INV) in Oracle Database 10.2.0.4 and 11.1.0.7. The issue allows remote authenticated users to impact confidentiality and integrity. The connected documents indicate this CVE was addressed in th...
CVE-2009-3411
CVE-2009-3411 (Oracle Data Pump) affects Oracle Database components including Data Pump across multiple versions (11.1.0.7; 10.2.0.3/0.4; 10.1.0.5; 9.2.0.8/9.2.0.8DV). The vulnerability allows remote authenticated users to impact confidentiality and integrity via unknown vectors due to an unspeci...
CVE-2012-0534
CVE-2012-0534 affects Oracle Database Server (RDBMS Core) versions 10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.2/11.2.0.3. Description: an unspecified vulnerability in the RDBMS Core allows remote authenticated users to affect integrity via unknown vectors related to Create Session. Impact: partia...
CVE-2014-4300
Technical details are not publicly available in the provided documents for CVE-2014-4300; no specifics on affected products, versions, vectors, or impact are given. Monitor for updates.
CVE-2019-2939
CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...