Lucene search
K
OracleDatabase Server

516 matches found

CVE
CVE
added 2009/10/22 6:0 p.m.60 views

CVE-2009-1994

CVE-2009-1994 is an Oracle Database 10.1.0.5 vulnerability in the Spatial component (MDSYS.PRVT_CMT_CBK). The issue is listed under the October 2009 CPU with CVSS v2 base score 6.5 (MEDIUM). It can be triggered by an authenticated remote user via Oracle Net to execute code on MDSYS.PRVT_CMT_CBK, ...

6.5CVSS5.5AI score0.02271EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.60 views

CVE-2009-1995

CVE-2009-1995 is an Oracle Database vulnerability affecting the Advanced Queuing component (SYS.DBMS_AQ_INV) in Oracle Database 10.2.0.4 and 11.1.0.7. The issue allows remote authenticated users to impact confidentiality and integrity. The connected documents indicate this CVE was addressed in th...

4.9CVSS5.4AI score0.01829EPSS
CVE
CVE
added 2013/07/17 10:0 a.m.60 views

CVE-2013-3790

CVE-2013-3790 affects Oracle Database Server core RDBMS components. The vulnerability is described as an unspecified issue that allows remote authenticated users to affect integrity via unknown vectors related to a Privileged Account, in Oracle Database Server versions 10.2.0.4, 10.2.0.5, 11.1.0....

2.1CVSS5.5AI score0.01076EPSS
CVE
CVE
added 2014/10/15 3:15 p.m.60 views

CVE-2014-4300

Technical details are not publicly available in the provided documents for CVE-2014-4300; no specifics on affected products, versions, vectors, or impact are given. Monitor for updates.

4CVSS5.5AI score0.014EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.60 views

CVE-2019-2939

CVE-2019-2939 affects Oracle Database Server’s Core RDBMS component. Affected versions include 12.2.0.1, 18c, and 19c. The vulnerability allows a low-privileged attacker with Create Session privilege and network access via OracleNet to compromise Core RDBMS, potentially leading to unauthorized re...

5CVSS4.2AI score0.01129EPSS
CVE
CVE
added 2005/11/02 11:0 a.m.59 views

CVE-2005-3440

Technical details about CVE-2005-3440 are not provided in the supplied documents. No affected product/version or concrete impact is documented here; monitor for updates.

10CVSS6.5AI score0.051EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.59 views

CVE-2006-1868

CVE-2006-1868 affects Oracle Database Server 10.1.0.4, where a buffer overflow in the Advanced Replication component enables database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package (aka Vuln# DB03). The OpenVAS/Nessus records confirm multiple referen...

7.5CVSS7.3AI score0.12063EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.59 views

CVE-2006-1869

CVE-2006-1869: Unspecified vulnerability in Oracle Database Server versions 8.1.7.4 and 9.0.1.5 affects the Dictionary component (DB04). The initial description notes unknown impact and attack vectors; connected documents corroborate that this vulnerability is associated with Oracle’s Dictionary,...

10CVSS6AI score0.07014EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.59 views

CVE-2007-2110

CVE-2007-2110 affects Oracle Database on Windows, targeting the Core RDBMS. The vulnerability (DB03) arises from the RDBMS using a NULL DACL for the Oracle process and certain shared memory sections, enabling local users to inject threads and execute arbitrary code via OpenProcess, OpenThread, an...

4.4CVSS6.9AI score0.00457EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.59 views

CVE-2007-3855

CVE-2007-3855 affects multiple Oracle Database versions (9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3) with vulnerabilities in the DataGuard component (SYS.DRMS), the PL/SQL component (SYS.DBMS_STANDARD), the Spatial component (MDSYS.RTREE_IDX), and the SQL Compiler (DB17). The description no...

6.5CVSS6.6AI score0.15815EPSS
CVE
CVE
added 2007/07/18 7:0 p.m.59 views

CVE-2007-3856

CVE-2007-3856 affects the Oracle Data Mining component of Oracle Database (versions 10g Release 2 10.2.0.2/10.2.0.3; 10g 10.1.0.5; Oracle9i 9.2.0.7/9.2.0.8/9.2.0.8DV). The vulnerability has unknown impact with remote authenticated vectors related to DMSYS.DMP_SYS (aka DB04). Connected sources con...

6.5CVSS5.8AI score0.03172EPSS
CVE
CVE
added 2009/10/22 6:0 p.m.59 views

CVE-2009-2000

CVE-2009-2000 is an Oracle Database vulnerability affecting the Authentication component in Oracle Database 11.1.0.7. The issue is exploitable remotely via Oracle Net with no authentication, exposing confidentiality (C:P) and providing no impact on integrity or availability per the NVD entry (CVS...

5CVSS5.9AI score0.02715EPSS
CVE
CVE
added 2012/10/16 11:0 p.m.59 views

CVE-2012-3151

Technical details (affected products, versions, root cause, exploitability, impact, and fixes) are not publicly provided in the connected documents for CVE-2012-3151. Monitor for updates from Oracle and vendor advisories.

3.3CVSS5.8AI score0.00346EPSS
CVE
CVE
added 2014/10/15 10:3 p.m.59 views

CVE-2014-6537

Technical details about CVE-2014-6537 are not provided in the supplied documents; there is no concrete information on affected products/versions or exploit details. Monitor for future updates.

6.5CVSS5.7AI score0.01607EPSS
CVE
CVE
added 2015/01/21 3:0 p.m.59 views

CVE-2014-6541

CVE-2014-6541 affects Oracle Database Server via the Recovery component (DBMS_IR) on Windows, impacting confidentiality for affected versions (11.1.0.7, 11.2.0.3/4, 12.1.0.1/2) when accessed by remote authenticated users. Connected sources indicate a single-vendor Oracle remediation path through ...

6.3CVSS5.3AI score0.01146EPSS
CVE
CVE
added 2005/02/10 5:0 a.m.58 views

CVE-2005-0297

CVE-2005-0297 concerns a SQL injection vulnerability in Oracle Database 9i and 10g that allows remote attackers to execute arbitrary SQL commands and gain privileges. The available documents identify the affected product family (Oracle Database 9i/10g) and the underlying issue (SQL injection) wit...

7.5CVSS8.5AI score0.0238EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.58 views

CVE-2006-0257

CVE-2006-0257 concerns Oracle Database Server’s Change Data Capture (CDC) component. The entry notes an unspecified vulnerability with unspecified impact/attack vectors, later attributed by independent researchers to a possible SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILI...

10CVSS7.2AI score0.04517EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.58 views

CVE-2006-0266

Technical details for CVE-2006-0266 are not publicly provided in the supplied documents. No concrete information on affected product/version, root cause, impact, or remediation is available here; monitor for updates.

9CVSS6.3AI score0.04049EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.58 views

CVE-2006-0290

Technical details for CVE-2006-0290 are not publicly disclosed in the provided documents; the entries only note an unspecified vulnerability in the Oracle Workflow Cartridge. Monitor for updates.

10CVSS9AI score0.05947EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.58 views

CVE-2006-0291

Technical details for CVE-2006-0291 are not publicly available in the provided documents. Affected Oracle components are listed but no concrete root cause, impact, or fix information is disclosed here; monitor for updates.

10CVSS9.5AI score0.05947EPSS
CVE
CVE
added 2006/02/04 2:0 a.m.58 views

CVE-2006-0548

CVE-2006-0548 : SQL injection in the Oracle Text component of Oracle Database 10g (and possibly earlier) . The vulnerability arises from inadequate input validation in Oracle Text, potentially allowing remote attackers to execute arbitrary SQL via unknown vectors. Public sources reference related...

7.5CVSS7.7AI score0.04278EPSS
CVE
CVE
added 2006/07/19 10:0 a.m.58 views

CVE-2006-3698

Oracle Database 10.1.0.5 is affected by multiple SQL injection-related vulnerabilities in two components: Change Data Capture (CDC) via SYS.DBMS_CDC_IMPDP procedures (IMPORT_CHANGE_SET/TRIGGERs etc.) and the Data Pump Metadata API via SYS.KUPW$WORKER.MAIN. The issues are described in CVE-2006-369...

10CVSS7.5AI score0.06403EPSS
CVE
CVE
added 2007/01/17 2:0 a.m.58 views

CVE-2007-0276

Technical details about CVE-2007-0276 are not publicly available in the provided documents. Monitor for updates and consult official advisories for any affected Oracle Database components and fixes.

6.8CVSS6.3AI score0.00376EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.58 views

CVE-2007-5513

The CVE-2007-5513 entry concerns Oracle Database XML DB (XMLDB) component in versions 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The issue is in audit trail entries for USERID: long usernames get trimmed to five characters, and shorter entries may contain extra characters from previous usernames (DB23). T...

5CVSS6.2AI score0.02895EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.58 views

CVE-2009-3410

CVE-2009-3410 is an unspecified vulnerability in the Oracle Database RDBMS component affecting Oracle Database 11.1.0.7, 10.2.0.3/4, 10.1.0.5, 9.2.0.8 and 9.2.0.8DV. It allows remote authenticated users to affect confidentiality and integrity via unknown vectors. CVSS v2 base score: 3.6 (Low). Th...

3.6CVSS5.5AI score0.01317EPSS
CVE
CVE
added 2012/01/18 10:0 p.m.58 views

CVE-2012-0072

CVE-2012-0072 concerns an unspecified vulnerability in the Listener component of Oracle Database Server versions 10.1.0.5, 10.2.0.3–10.2.0.5, 11.1.0.7, and 11.2.0.2. According to the description, it allows remote attackers to affect availability via unknown vectors. The provided documents do not ...

5CVSS6.2AI score0.0243EPSS
CVE
CVE
added 2016/10/25 2:0 p.m.58 views

CVE-2016-5498

Technical details for CVE-2016-5498 are not publicly provided in the supplied documents. No concrete affected product/version or remediation is included here. Monitor for updates in the connected sources.

3.3CVSS3.5AI score0.00377EPSS
CVE
CVE
added 2001/11/22 5:0 a.m.57 views

CVE-2001-0832

Root cause: gv on Unix contains a buffer overflow due to an unsafe sscanf usage when parsing PostScript/PDF, enabling local arbitrary-code execution with victim privileges. Exploitation requires user to view a malicious file (PoC exists in historical disclosures); affected versions referenced in ...

2.1CVSS6.1AI score0.00489EPSS
CVE
CVE
added 2005/10/14 4:0 a.m.57 views

CVE-2005-3205

CVE-2005-3205 : XSS in Oracle9i iSQLPlus (iSQLPlus) for Oracle9i Database Server Release 2 (9.0.2.4). The vulnerability arises in the iSQL Plus interface when using the command set markup HTML TABLE, allowing remote attackers to inject arbitrary script/HTML that executes when a user selects a tab...

3.5CVSS5.7AI score0.01604EPSS
CVE
CVE
added 2006/01/18 11:0 a.m.57 views

CVE-2006-0283

CVE-2006-0283 refers to an unspecified vulnerability in Oracle products (Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, Collaboration Suite Release 2) and Oracle9i (9.0.4.2), linked to Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. Public descriptions do ...

10CVSS9.1AI score0.06534EPSS
CVE
CVE
added 2006/05/22 7:0 p.m.57 views

CVE-2006-2505

The CVE-2006-2505 entry affects Oracle Database Server 10g Release 2. the issue arises in the DBMS_EXPORT_EXTENSION package, specifically the functions GET_DOMAIN_INDEX_TABLES and GET_V2_DOMAIN_INDEX_TABLES, where a reference to a malicious package in the TYPE_NAME argument can let local users ru...

3.6CVSS7AI score0.02086EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.57 views

CVE-2006-5333

The CVE-2006-5333 entry concerns Oracle Database 10.2.0.2 with the Spatial component. The vulnerability is tied to the SDO_DROP_USER_BEFORE package and a Trigger that can DROP a user within an anonymous PL/SQL block, potentially enabling SQL injection via remote authenticated attempts that exploi...

7.1CVSS6.7AI score0.02152EPSS
CVE
CVE
added 2007/04/18 6:0 p.m.57 views

CVE-2007-2113

CVE-2007-2113 affects Oracle Database (Upgrade/Downgrade component, DBMS_UPGRADE_INTERNAL) and is described as a SQL injection vulnerability in Oracle Database 10.1.0.5. The issue allows remote authenticated users to execute arbitrary SQL via unknown vectors; the description notes this DB07 may c...

7.5CVSS7.7AI score0.03425EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.57 views

CVE-2007-5515

Technical details for CVE-2007-5515 are not publicly available in the provided documents; the entries only note an unspecified Spatial component vulnerability with unknown impact. Monitor for updates.

6.5CVSS6.1AI score0.02049EPSS
CVE
CVE
added 2010/01/13 1:0 a.m.57 views

CVE-2009-3412

CVE-2009-3412 affects Oracle Database components (Unzip) in 9.2.0.8, 9.2.0.8DV and 10.1.0.5, and Oracle Application Server 10.1.2.3. Root cause: Unzip component vulnerability enabling local logon and partial confidentiality impact. CVSS in NVD shows Low base score (Local, High auth, Partial confi...

1CVSS7.6AI score0.00311EPSS
CVE
CVE
added 2010/04/13 10:0 p.m.57 views

CVE-2010-0854

CVE-2010-0854 affects Oracle Database (versions including 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7) in the Audit component. The issue is described as an unspecified vulnerability that could let remote authenticated users influence integrity related to auditing on tables, per the NVD entry...

2.1CVSS5.8AI score0.01632EPSS
CVE
CVE
added 2012/05/03 5:18 p.m.57 views

CVE-2012-0520

CVE-2012-0520 affects Oracle EM Base Platform in Oracle Database Server (10.2.0.3–11.2.0.2) and Oracle Enterprise Manager Grid Control (10.2.0.5, 11.1.0.1). The flaw is described as an unspecified vulnerability enabling remote integrity impact via unknown vectors related to Security Framework. No...

4.3CVSS5.9AI score0.01887EPSS
CVE
CVE
added 2014/01/15 12:30 a.m.57 views

CVE-2013-5853

CVE-2013-5853 is an Oracle Database Server Core RDBMS vulnerability affecting versions 11.1.0.7, 11.2.0.3, and 12.1.0.1 that could allow remote attackers to affect availability via unknown vectors. Connected sources corroborate the Core RDBMS impact and list this CVE among fixes in the January 20...

5CVSS6.1AI score0.01855EPSS
CVE
CVE
added 2014/01/15 12:30 a.m.57 views

CVE-2013-5858

CVE-2013-5858 is an unspecified vulnerability in the Core RDBMS of Oracle Database Server (versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1) that allows remote authenticated users to affect integrity via unknown vectors. The entry notes it is a separate issue from CVE-2015-0370. Connected document...

4CVSS5.7AI score0.01249EPSS
CVE
CVE
added 2010/01/25 9:0 p.m.56 views

CVE-2005-4884

CVE-2005-4884 concerns an unspecified vulnerability in the Oracle OLAP component of Oracle Database Server 10.1.0.4 (10g) that allows remote authenticated attackers to affect availability via unknown vectors (DB02). Affected product/version information is stated in the NVD/Red Hat records; exploi...

6.8CVSS5.8AI score0.01436EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.56 views

CVE-2006-1874

CVE-2006-1874 affects Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 in the Oracle Spatial component (DB09). The issue is described as a SQL injection in MDSYS.PRVT_IDX via the functions EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, EXECUTE UPDATE, and CRT_DUMMY. OpenVAS/Nessus entries co...

7.5CVSS6.9AI score0.03324EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.56 views

CVE-2006-5339

CVE-2006-5339 affects the Oracle Spatial component of Oracle Database (versions 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.4). The vulnerability is linked to the mdsys.sdo_geom path and is related to a suspected length-checking issue before MD2.RELATE is called, as reported by third parties. The described...

9CVSS5.7AI score0.03092EPSS
CVE
CVE
added 2006/10/18 1:0 a.m.56 views

CVE-2006-5342

CVE-2006-5342 pertains to an unspecified vulnerability in Oracle Spatial within Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3. The impact is unknown and it involves remote authenticated access vectors tied to mdsys.sdo_tune; there are reports suggesting the issue could be related to SQL injectio...

7.1CVSS6.6AI score0.02152EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5506

The CVE-2007-5506 entry concerns Oracle Database Core RDBMS components (versions 9.0.1.5+; 9.2.0.8; 9.2.0.8DV; 10.1.0.5; 10.2.0.3) where a remote attacker can cause a denial of service by sending a crafted type 6 Data packet (DB20). The vulnerability is a DoS affecting CPU usage, with no document...

7.8CVSS6.1AI score0.03061EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5509

CVE-2007-5509 affects Oracle Database (Spatial component) and is documented as an unspecified vulnerability in Oracle Database 9.2.0.8 and 9.2.0.8DV with unknown impact and remote attack vectors. The connected materials confirm the affected product/component and version range, but do not provide ...

6.5CVSS6.2AI score0.02049EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5510

CVE-2007-5511 relates to an SQL injection vulnerability in Oracle Database's SYS.LT.FINDRICSET function (Workspace/ LT package), exploitable via an Evil Cursor technique to escalate privileges to SYS. Reported for Oracle Database around 10g (pre-10.2.0.x), with exploitation potentially performed ...

6.5CVSS6.4AI score0.02032EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5511

CVE-2007-5511 is a SQL injection vulnerability in Oracle Database Workspace Manager (SYS.LT.FINDRICSET) that allows an attacker to execute arbitrary SQL via the vulnerable parameter. The flaw affects Workspace Manager components prior to OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0. Public w...

6.5CVSS7.8AI score0.31758EPSS
CVE
CVE
added 2007/10/17 11:0 p.m.56 views

CVE-2007-5514

CVE-2007-5514 pertains to Oracle Database 10.2.0.3 and involves multiple vulnerabilities affecting the Database Vault component (DB24) and the SQL Execution component (DB26). The initial description states unknown impact and attack vectors for these components. A connected Nessus CPU plugin (Octo...

6.5CVSS6.8AI score0.028EPSS
CVE
CVE
added 2012/07/17 10:39 p.m.56 views

CVE-2012-3134

CVE-2012-3134 affects Oracle Database Server core RDBMS component for versions 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is described as enabling remote authenticated users to impact availability via unknown vectors. Exploitation details are not provided in the supplied documents; no ex...

4CVSS5.7AI score0.0144EPSS
CVE
CVE
added 2013/04/17 12:10 p.m.56 views

CVE-2013-1519

CVE-2013-1519 affects the Oracle Application Express component in Oracle Database Server prior to 4.2.1, potentially allowing a remote attacker to impact integrity through unknown vectors. The description is general and does not specify affected configurations beyond the 4.2.1 cutoff, nor explici...

5CVSS6.1AI score0.01408EPSS
Total number of security vulnerabilities516