Database Server Security Vulnerabilities and Issues — Page 9 of Database Server CVE List

Lucene search

OracleDatabase Server

508 matches found

CVE•added 2010/04/13 10:30 p.m.•45 views

CVE-2010-0870

Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.

3.6CVSS5.6AI score0.47666EPSS

CVE•added 2011/10/18 10:55 p.m.•45 views

CVE-2011-2322

Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA.

3.6CVSS5.7AI score0.00344EPSS

CVE•added 2013/10/16 3:55 p.m.•45 views

CVE-2013-3826

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.

5CVSS6AI score0.00362EPSS

CVE•added 2013/10/16 3:55 p.m.•45 views

CVE-2013-5771

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors.

6.4CVSS6AI score0.00796EPSS

CVE•added 2014/01/15 4:11 p.m.•45 views

CVE-2013-5853

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors.

5CVSS6.1AI score0.01107EPSS

CVE•added 2014/10/15 3:55 p.m.•45 views

CVE-2014-4300

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, ...

4CVSS5.5AI score0.00169EPSS

CVE•added 2016/10/25 2:29 p.m.•45 views

CVE-2016-5516

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.

6CVSS5.7AI score0.00072EPSS

CVE•added 2024/07/16 11:15 p.m.•45 views

CVE-2024-21123

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compro...

2.3CVSS2.6AI score0.00033EPSS

CVE•added 2001/12/06 5:0 a.m.•44 views

CVE-2001-0831

Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.

4.6CVSS6.5AI score0.00303EPSS

CVE•added 2001/12/06 5:0 a.m.•44 views

CVE-2001-0832

Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "...

2.1CVSS6.1AI score0.00244EPSS

CVE•added 2005/02/10 5:0 a.m.•44 views

CVE-2005-0297

SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.

7.5CVSS8.5AI score0.00498EPSS

CVE•added 2006/01/18 11:3 a.m.•44 views

CVE-2006-0266

Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.

9CVSS6.3AI score0.01326EPSS

CVE•added 2006/01/18 11:3 a.m.•44 views

CVE-2006-0291

Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF...

10CVSS9.5AI score0.01989EPSS

CVE•added 2006/04/20 10:2 a.m.•44 views

CVE-2006-1868

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03.

7.5CVSS7.3AI score0.14767EPSS

CVE•added 2006/04/20 10:2 a.m.•44 views

CVE-2006-1877

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13.

7.2CVSS5.9AI score0.00334EPSS

CVE•added 2006/04/27 11:2 p.m.•44 views

CVE-2006-2081

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same is...

4.6CVSS6.8AI score0.58402EPSS

CVE•added 2007/04/18 6:19 p.m.•44 views

CVE-2007-2110

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access...

4.4CVSS6.9AI score0.00124EPSS

CVE•added 2007/04/18 6:19 p.m.•44 views

CVE-2007-2111

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for m...

6.5CVSS7.1AI score0.01858EPSS

CVE•added 2007/07/18 7:30 p.m.•44 views

CVE-2007-3856

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.

6.5CVSS5.8AI score0.04936EPSS

CVE•added 2012/01/18 10:55 p.m.•44 views

CVE-2012-0072

Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.

5CVSS6.2AI score0.00874EPSS

CVE•added 2012/07/17 10:55 p.m.•44 views

CVE-2012-1747

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746.

5CVSS6.2AI score0.00874EPSS

CVE•added 2012/07/17 11:55 p.m.•44 views

CVE-2012-3134

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors.

4CVSS5.7AI score0.00923EPSS

CVE•added 2001/03/12 5:0 a.m.•43 views

CVE-1999-0784

Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.

5CVSS6.5AI score0.00604EPSS

CVE•added 2002/02/02 5:0 a.m.•43 views

CVE-2001-0941

Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.

4.6CVSS7.4AI score0.00383EPSS

CVE•added 2005/01/06 5:0 a.m.•43 views

CVE-2004-1339

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

6.5CVSS8.3AI score0.00487EPSS

CVE•added 2006/01/18 11:3 a.m.•43 views

CVE-2006-0257

Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliabl...

10CVSS7.2AI score0.01243EPSS

CVE•added 2006/04/20 10:2 a.m.•43 views

CVE-2006-1875

Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS.

10CVSS6.9AI score0.01289EPSS

CVE•added 2007/04/18 6:19 p.m.•43 views

CVE-2007-2113

SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually ...

7.5CVSS7.7AI score0.02027EPSS

CVE•added 2007/07/18 7:30 p.m.•43 views

CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX ...

6.5CVSS6.6AI score0.31136EPSS

CVE•added 2007/10/17 11:17 p.m.•43 views

CVE-2007-5510

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17,...

6.5CVSS6.4AI score0.63711EPSS

CVE•added 2007/10/17 11:17 p.m.•43 views

CVE-2007-5512

Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.

7.5CVSS6.2AI score0.00709EPSS

CVE•added 2008/01/17 11:0 p.m.•43 views

CVE-2008-0341

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.

10CVSS6.2AI score0.023EPSS

CVE•added 2009/10/22 6:30 p.m.•43 views

CVE-2009-2000

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

5CVSS5.9AI score0.00944EPSS

CVE•added 2010/01/13 1:30 a.m.•43 views

CVE-2009-3412

Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.

1CVSS7.6AI score0.00241EPSS

CVE•added 2010/04/13 10:30 p.m.•43 views

CVE-2010-0852

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5CVSS5.5AI score0.00302EPSS

CVE•added 2012/05/03 5:55 p.m.•43 views

CVE-2012-0512

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Managemen...

5.5CVSS5.2AI score0.00185EPSS

CVE•added 2012/05/03 5:55 p.m.•43 views

CVE-2012-0520

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to...

4.3CVSS5.9AI score0.00483EPSS

CVE•added 2014/01/15 4:11 p.m.•43 views

CVE-2013-5858

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370.

4CVSS5.7AI score0.00379EPSS

CVE•added 2002/09/05 4:0 a.m.•42 views

CVE-2002-0857

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

7.5CVSS7.4AI score0.02312EPSS

CVE•added 2006/04/20 10:2 a.m.•42 views

CVE-2006-1874

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2)...

7.5CVSS6.9AI score0.01499EPSS

CVE•added 2006/07/21 2:3 p.m.•42 views

CVE-2006-3698

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB0...

10CVSS7.5AI score0.1767EPSS

CVE•added 2006/10/18 1:7 a.m.•42 views

CVE-2006-5338

Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection ...

9CVSS6.7AI score0.04612EPSS

CVE•added 2007/10/17 11:17 p.m.•42 views

CVE-2007-5506

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

7.8CVSS6.1AI score0.06217EPSS

CVE•added 2007/10/17 11:17 p.m.•42 views

CVE-2007-5509

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.

6.5CVSS6.2AI score0.00536EPSS

CVE•added 2007/10/17 11:17 p.m.•42 views

CVE-2007-5515

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.

6.5CVSS6.1AI score0.00701EPSS

CVE•added 2009/10/22 6:30 p.m.•42 views

CVE-2009-1995

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.

4.9CVSS5.4AI score0.00977EPSS

CVE•added 2010/04/13 10:30 p.m.•42 views

CVE-2010-0854

Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INSERT or DELETE on tables subject to auditing."

2.1CVSS5.8AI score0.00277EPSS

CVE•added 2010/04/13 10:30 p.m.•42 views

CVE-2010-0860

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege.

7.1CVSS5.6AI score0.00539EPSS

CVE•added 2013/04/17 12:19 p.m.•42 views

CVE-2013-1519

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.

5CVSS6.1AI score0.00397EPSS

CVE•added 2014/10/15 10:55 p.m.•42 views

CVE-2014-6537

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5CVSS5.7AI score0.00375EPSS

Total number of security vulnerabilities508