Total
504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1969 | 1 Oracle | 1 Database Server | 2025-04-09 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2007-2109 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". | |||||
| CVE-2009-3412 | 1 Oracle | 2 Application Server, Database Server | 2025-04-09 | 1.0 LOW | N/A |
| Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors. | |||||
| CVE-2008-2604 | 1 Oracle | 2 Authentication Component, Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605. | |||||
| CVE-2008-6065 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.1 MEDIUM | N/A |
| Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | |||||
| CVE-2007-2108 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. | |||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2025-04-09 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | |||||
| CVE-2008-2607 | 1 Oracle | 3 Advanced Queuing Component, Database 9i, Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure. | |||||
| CVE-2007-5514 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). | |||||
| CVE-2007-2115 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." | |||||
| CVE-2007-0271 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution. | |||||
| CVE-2006-5336 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. | |||||
| CVE-2009-1018 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC). | |||||
| CVE-2008-1821 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures. | |||||
| CVE-2008-1819 | 1 Oracle | 2 Database 9i, Database Server | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09. | |||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | |||||
| CVE-2009-1963 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors. | |||||
| CVE-2008-2605 | 1 Oracle | 2 Authentication Component, Database Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604. | |||||
| CVE-2008-0342 | 1 Oracle | 1 Database Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. | |||||
| CVE-2007-5505 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). | |||||