516 matches found
CVE-2009-1994
CVE-2009-1994 is an Oracle Database 10.1.0.5 vulnerability in the Spatial component (MDSYS.PRVT_CMT_CBK). The issue is listed under the October 2009 CPU with CVSS v2 base score 6.5 (MEDIUM). It can be triggered by an authenticated remote user via Oracle Net to execute code on MDSYS.PRVT_CMT_CBK, ...
CVE-2009-1995
CVE-2009-1995 is an Oracle Database vulnerability affecting the Advanced Queuing component (SYS.DBMS_AQ_INV) in Oracle Database 10.2.0.4 and 11.1.0.7. The issue allows remote authenticated users to impact confidentiality and integrity. The connected documents indicate this CVE was addressed in th...
CVE-2013-3790
CVE-2013-3790 affects Oracle Database Server core RDBMS components. The vulnerability is described as an unspecified issue that allows remote authenticated users to affect integrity via unknown vectors related to a Privileged Account, in Oracle Database Server versions 10.2.0.4, 10.2.0.5, 11.1.0....
CVE-2014-4300
Technical details are not publicly available in the provided documents for CVE-2014-4300; no specifics on affected products, versions, vectors, or impact are given. Monitor for updates.
CVE-2019-2939
CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...
CVE-2005-3440
Technical details about CVE-2005-3440 are not provided in the supplied documents. No affected product/version or concrete impact is documented here; monitor for updates.
CVE-2006-1868
CVE-2006-1868 affects Oracle Database Server 10.1.0.4, where a buffer overflow in the Advanced Replication component enables database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package (aka Vuln# DB03). The OpenVAS/Nessus records confirm multiple referen...
CVE-2006-1869
CVE-2006-1869: Unspecified vulnerability in Oracle Database Server versions 8.1.7.4 and 9.0.1.5 affects the Dictionary component (DB04). The initial description notes unknown impact and attack vectors; connected documents corroborate that this vulnerability is associated with Oracle’s Dictionary,...
CVE-2007-2110
CVE-2007-2110 affects Oracle Database on Windows, targeting the Core RDBMS. The vulnerability (DB03) arises from the RDBMS using a NULL DACL for the Oracle process and certain shared memory sections, enabling local users to inject threads and execute arbitrary code via OpenProcess, OpenThread, an...
CVE-2007-3855
CVE-2007-3855 affects multiple Oracle Database versions (9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3) with vulnerabilities in the DataGuard component (SYS.DRMS), the PL/SQL component (SYS.DBMS_STANDARD), the Spatial component (MDSYS.RTREE_IDX), and the SQL Compiler (DB17). The description no...
CVE-2007-3856
CVE-2007-3856 affects the Oracle Data Mining component of Oracle Database (versions 10g Release 2 10.2.0.2/10.2.0.3; 10g 10.1.0.5; Oracle9i 9.2.0.7/9.2.0.8/9.2.0.8DV). The vulnerability has unknown impact with remote authenticated vectors related to DMSYS.DMP_SYS (aka DB04). Connected sources con...
CVE-2009-2000
CVE-2009-2000 is an Oracle Database vulnerability affecting the Authentication component in Oracle Database 11.1.0.7. The issue is exploitable remotely via Oracle Net with no authentication, exposing confidentiality (C:P) and providing no impact on integrity or availability per the NVD entry (CVS...
CVE-2012-3151
Technical details (affected products, versions, root cause, exploitability, impact, and fixes) are not publicly provided in the connected documents for CVE-2012-3151. Monitor for updates from Oracle and vendor advisories.
CVE-2014-6537
Technical details about CVE-2014-6537 are not provided in the supplied documents; there is no concrete information on affected products/versions or exploit details. Monitor for future updates.
CVE-2014-6541
CVE-2014-6541 affects Oracle Database Server via the Recovery component (DBMS_IR) on Windows, impacting confidentiality for affected versions (11.1.0.7, 11.2.0.3/4, 12.1.0.1/2) when accessed by remote authenticated users. Connected sources indicate a single-vendor Oracle remediation path through ...
CVE-2005-0297
CVE-2005-0297 concerns a SQL injection vulnerability in Oracle Database 9i and 10g that allows remote attackers to execute arbitrary SQL commands and gain privileges. The available documents identify the affected product family (Oracle Database 9i/10g) and the underlying issue (SQL injection) wit...
CVE-2006-0257
CVE-2006-0257 concerns Oracle Database Server’s Change Data Capture (CDC) component. The entry notes an unspecified vulnerability with unspecified impact/attack vectors, later attributed by independent researchers to a possible SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILI...
CVE-2006-0266
Technical details for CVE-2006-0266 are not publicly provided in the supplied documents. No concrete information on affected product/version, root cause, impact, or remediation is available here; monitor for updates.
CVE-2006-0290
Technical details for CVE-2006-0290 are not publicly disclosed in the provided documents; the entries only note an unspecified vulnerability in the Oracle Workflow Cartridge. Monitor for updates.
CVE-2006-0291
Technical details for CVE-2006-0291 are not publicly available in the provided documents. Affected Oracle components are listed but no concrete root cause, impact, or fix information is disclosed here; monitor for updates.
CVE-2006-0548
CVE-2006-0548 : SQL injection in the Oracle Text component of Oracle Database 10g (and possibly earlier) . The vulnerability arises from inadequate input validation in Oracle Text, potentially allowing remote attackers to execute arbitrary SQL via unknown vectors. Public sources reference related...
CVE-2006-3698
Oracle Database 10.1.0.5 is affected by multiple SQL injection-related vulnerabilities in two components: Change Data Capture (CDC) via SYS.DBMS_CDC_IMPDP procedures (IMPORT_CHANGE_SET/TRIGGERs etc.) and the Data Pump Metadata API via SYS.KUPW$WORKER.MAIN. The issues are described in CVE-2006-369...
CVE-2007-0276
Technical details about CVE-2007-0276 are not publicly available in the provided documents. Monitor for updates and consult official advisories for any affected Oracle Database components and fixes.
CVE-2007-5513
The CVE-2007-5513 entry concerns Oracle Database XML DB (XMLDB) component in versions 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The issue is in audit trail entries for USERID: long usernames get trimmed to five characters, and shorter entries may contain extra characters from previous usernames (DB23). T...
CVE-2009-3410
CVE-2009-3410 is an unspecified vulnerability in the Oracle Database RDBMS component affecting Oracle Database 11.1.0.7, 10.2.0.3/4, 10.1.0.5, 9.2.0.8 and 9.2.0.8DV. It allows remote authenticated users to affect confidentiality and integrity via unknown vectors. CVSS v2 base score: 3.6 (Low). Th...
CVE-2012-0072
CVE-2012-0072 concerns an unspecified vulnerability in the Listener component of Oracle Database Server versions 10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, and 11.2.0.2. According to the description, it allows remote attackers to affect availability via unknown vectors. The provided documents do not ...
CVE-2016-5498
Technical details for CVE-2016-5498 are not publicly provided in the supplied documents. No concrete affected product/version or remediation is included here. Monitor for updates in the connected sources.
CVE-2001-0832
Root cause: gv on Unix contains a buffer overflow due to an unsafe sscanf usage when parsing PostScript/PDF, enabling local arbitrary-code execution with victim privileges. Exploitation requires user to view a malicious file (PoC exists in historical disclosures); affected versions referenced in ...
CVE-2005-3205
CVE-2005-3205 : XSS in Oracle9i iSQLPlus (iSQLPlus) for Oracle9i Database Server Release 2 (9.0.2.4). The vulnerability arises in the iSQL Plus interface when using the command set markup HTML TABLE, allowing remote attackers to inject arbitrary script/HTML that executes when a user selects a tab...
CVE-2006-0283
CVE-2006-0283 refers to an unspecified vulnerability in Oracle products (Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, Collaboration Suite Release 2) and Oracle9i (9.0.4.2), linked to Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. Public descriptions do ...
CVE-2006-2505
The CVE-2006-2505 entry affects Oracle Database Server 10g Release 2. the issue arises in the DBMS_EXPORT_EXTENSION package, specifically the functions GET_DOMAIN_INDEX_TABLES and GET_V2_DOMAIN_INDEX_TABLES, where a reference to a malicious package in the TYPE_NAME argument can let local users ru...
CVE-2006-5333
The CVE-2006-5333 entry concerns Oracle Database 10.2.0.2 with the Spatial component. The vulnerability is tied to the SDO_DROP_USER_BEFORE package and a Trigger that can DROP a user within an anonymous PL/SQL block, potentially enabling SQL injection via remote authenticated attempts that exploi...
CVE-2007-2113
CVE-2007-2113 affects Oracle Database (Upgrade/Downgrade component, DBMS_UPGRADE_INTERNAL) and is described as a SQL injection vulnerability in Oracle Database 10.1.0.5. The issue allows remote authenticated users to execute arbitrary SQL via unknown vectors; the description notes this DB07 may c...
CVE-2007-5515
Technical details for CVE-2007-5515 are not publicly available in the provided documents; the entries only note an unspecified Spatial component vulnerability with unknown impact. Monitor for updates.
CVE-2009-3412
CVE-2009-3412 affects Oracle Database components (Unzip) in 9.2.0.8, 9.2.0.8DV and 10.1.0.5, and Oracle Application Server 10.1.2.3. Root cause: Unzip component vulnerability enabling local logon and partial confidentiality impact. CVSS in NVD shows Low base score (Local, High auth, Partial confi...
CVE-2010-0854
CVE-2010-0854 affects Oracle Database (versions including 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7) in the Audit component. The issue is described as an unspecified vulnerability that could let remote authenticated users influence integrity related to auditing on tables, per the NVD entry...
CVE-2012-0520
CVE-2012-0520 affects Oracle EM Base Platform in Oracle Database Server (10.2.0.3–11.2.0.2) and Oracle Enterprise Manager Grid Control (10.2.0.5, 11.1.0.1). The flaw is described as an unspecified vulnerability enabling remote integrity impact via unknown vectors related to Security Framework. No...
CVE-2013-5853
CVE-2013-5853 is an Oracle Database Server Core RDBMS vulnerability affecting versions 11.1.0.7, 11.2.0.3, and 12.1.0.1 that could allow remote attackers to affect availability via unknown vectors. Connected sources corroborate the Core RDBMS impact and list this CVE among fixes in the January 20...
CVE-2013-5858
CVE-2013-5858 is an unspecified vulnerability in the Core RDBMS of Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) that allows remote authenticated users to affect integrity via unknown vectors. The entry notes it is a separate issue from CVE-2015-0370. Connected document...
CVE-2005-4884
CVE-2005-4884 concerns an unspecified vulnerability in the Oracle OLAP component of Oracle Database Server 10.1.0.4 (10g) that allows remote authenticated attackers to affect availability via unknown vectors (DB02). Affected product/version information is stated in the NVD/Red Hat records; exploi...
CVE-2006-1874
CVE-2006-1874 affects Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 in the Oracle Spatial component (DB09). The issue is described as a SQL injection in MDSYS.PRVT_IDX via the functions EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, EXECUTE UPDATE, and CRT_DUMMY. OpenVAS/Nessus entries co...
CVE-2006-5339
CVE-2006-5339 affects the Oracle Spatial component of Oracle Database (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.4). The vulnerability is linked to the mdsys.sdo_geom path and is related to a suspected length-checking issue before MD2.RELATE is called, as reported by third parties. The described...
CVE-2006-5342
CVE-2006-5342 pertains to an unspecified vulnerability in Oracle Spatial within Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3. The impact is unknown and it involves remote authenticated access vectors tied to mdsys.sdo_tune; there are reports suggesting the issue could be related to SQL injectio...
CVE-2007-5506
The CVE-2007-5506 entry concerns Oracle Database Core RDBMS components (versions 9.0.1.5+; 9.2.0.8; 9.2.0.8DV; 10.1.0.5; 10.2.0.3) where a remote attacker can cause a denial of service by sending a crafted type 6 Data packet (DB20). The vulnerability is a DoS affecting CPU usage, with no document...
CVE-2007-5509
CVE-2007-5509 affects Oracle Database (Spatial component) and is documented as an unspecified vulnerability in Oracle Database 9.2.0.8 and 9.2.0.8DV with unknown impact and remote attack vectors. The connected materials confirm the affected product/component and version range, but do not provide ...
CVE-2007-5510
CVE-2007-5511 relates to an SQL injection vulnerability in Oracle Database's SYS.LT.FINDRICSET function (Workspace/ LT package), exploitable via an Evil Cursor technique to escalate privileges to SYS. Reported for Oracle Database around 10g (pre-10.2.0.x), with exploitation potentially performed ...
CVE-2007-5511
CVE-2007-5511 is a SQL injection vulnerability in Oracle Database Workspace Manager (SYS.LT.FINDRICSET) that allows an attacker to execute arbitrary SQL via the vulnerable parameter. The flaw affects Workspace Manager components prior to OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0. Public w...
CVE-2007-5514
CVE-2007-5514 pertains to Oracle Database 10.2.0.3 and involves multiple vulnerabilities affecting the Database Vault component (DB24) and the SQL Execution component (DB26). The initial description states unknown impact and attack vectors for these components. A connected Nessus CPU plugin (Octo...
CVE-2012-3134
CVE-2012-3134 affects Oracle Database Server core RDBMS component for versions 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as enabling remote authenticated users to impact availability via unknown vectors. Exploitation details are not provided in the supplied documents; no ex...
CVE-2013-1519
CVE-2013-1519 affects the Oracle Application Express component in Oracle Database Server prior to 4.2.1, potentially allowing a remote attacker to impact integrity through unknown vectors. The description is general and does not specify affected configurations beyond the 4.2.1 cutoff, nor explici...