Filtered by vendor Oracle
Subscribe
Total
10172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5897 | 1 Oracle | 1 Database Server | 2025-04-09 | 8.5 HIGH | N/A |
| Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. | |||||
| CVE-2006-5350 | 1 Oracle | 2 E-business Suite, Http Server | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08. | |||||
| CVE-2008-7238 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07). | |||||
| CVE-2008-3995 | 1 Oracle | 2 Database 10g, Database 11i | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. | |||||
| CVE-2009-1007 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS. | |||||
| CVE-2006-5341 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ. | |||||
| CVE-2006-5375 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03. | |||||
| CVE-2007-0273 | 1 Oracle | 1 Database Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2007-3503 | 1 Oracle | 1 Jdk | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3985 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2007-3870 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07. | |||||
| CVE-2010-0070 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2006-7138 | 1 Oracle | 1 Apex | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. | |||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2025-04-09 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | |||||
| CVE-2008-3993 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2008-7247 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | 6.0 MEDIUM | N/A |
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | |||||
| CVE-2008-4006 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2009-3410 | 1 Oracle | 1 Database Server | 2025-04-09 | 3.6 LOW | N/A |
| Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-1820 | 1 Oracle | 3 Database 10g, Database 11g, Database 9i | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. | |||||
| CVE-2009-0987 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||