Database Server Security Vulnerabilities and Issues — Database Server CVE List

Lucene search

OracleDatabase Server

20 matches found

CVE•added 2005/01/19 5:0 a.m.•88 views

CVE-2004-1371

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

9CVSS9.6AI score0.32439EPSS

CVE•added 2005/01/19 5:0 a.m.•79 views

CVE-2004-1363

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

9.8CVSS9.7AI score0.27664EPSS

CVE•added 2005/03/09 5:0 a.m.•65 views

CVE-2005-0701

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\.\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

5CVSS6.2AI score0.2878EPSS

CVE•added 2005/05/02 4:0 a.m.•59 views

CVE-2005-1197

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.

7.5CVSS7.8AI score0.00899EPSS

CVE•added 2005/11/02 11:3 a.m.•54 views

CVE-2005-3445

Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.

10CVSS9.2AI score0.02021EPSS

CVE•added 2005/05/02 4:0 a.m.•49 views

CVE-2005-0298

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.

5CVSS6.2AI score0.00337EPSS

CVE•added 2005/08/16 4:0 a.m.•48 views

CVE-2004-2345

Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information.

6.5CVSS7.6AI score0.0048EPSS

CVE•added 2005/10/14 10:2 a.m.•48 views

CVE-2005-3206

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

5CVSS6.7AI score0.2703EPSS

CVE•added 2005/11/02 11:2 a.m.•48 views

CVE-2005-3443

Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.

10CVSS6.5AI score0.03419EPSS

CVE•added 2005/11/02 11:3 a.m.•46 views

CVE-2005-3446

Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.

10CVSS9AI score0.02049EPSS

CVE•added 2005/11/16 9:22 p.m.•46 views

CVE-2005-3641

Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

7.5CVSS7.1AI score0.00482EPSS

CVE•added 2005/01/06 5:0 a.m.•45 views

CVE-2004-1338

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS ...

6.5CVSS6.9AI score0.00303EPSS

CVE•added 2005/11/02 11:2 a.m.•45 views

CVE-2005-3440

Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08.

10CVSS6.5AI score0.0321EPSS

CVE•added 2005/02/10 5:0 a.m.•44 views

CVE-2005-0297

SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.

7.5CVSS8.5AI score0.00498EPSS

CVE•added 2005/01/06 5:0 a.m.•43 views

CVE-2004-1339

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

6.5CVSS8.3AI score0.00487EPSS

CVE•added 2005/10/14 10:2 a.m.•41 views

CVE-2005-3205

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.

3.5CVSS5.7AI score0.00462EPSS

CVE•added 2005/06/21 4:0 a.m.•38 views

CVE-2002-1767

Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.

7.2CVSS7.6AI score0.08249EPSS

CVE•added 2005/11/02 11:2 a.m.•38 views

CVE-2005-3437

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01.

10CVSS6.5AI score0.0321EPSS

CVE•added 2005/11/02 11:2 a.m.•36 views

CVE-2005-3444

Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.

10CVSS6.8AI score0.02049EPSS

CVE•added 2005/11/02 11:2 a.m.•35 views

CVE-2005-3438

Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6)...

10CVSS7AI score0.08341EPSS