Filtered by vendor Oracle
Subscribe
Total
10321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2620 | 1 Oracle | 3 Jd Edwards Enterpriseone, Peoplesoft Enterprise, Peoplesoft Peopletools Component | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2621, and CVE-2008-2622.
|
|||||
| CVE-2006-5370 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore.
|
|||||
| CVE-2007-0288 | 1 Oracle | 1 Application Server | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
|
|||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
|
|||||
| CVE-2006-5358 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.
|
|||||
| CVE-2008-5445 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.
|
|||||
| CVE-2009-1016 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 8.5 HIGH | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow involving an unspecified Server Plug-in and a crafted SSL certificate.
|
|||||
| CVE-2008-4010 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."
|
|||||
| CVE-2008-0346 | 1 Oracle | 5 Application Server, Collaboration Suite, Database Server and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
|
|||||
| CVE-2008-4098 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
|
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
|
|||||
| CVE-2008-3980 | 1 Oracle | 1 Database 10g | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2008-3996 | 1 Oracle | 2 Database 10g, Database 11i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.
|
|||||
| CVE-2007-3860 | 1 Oracle | 1 Apex | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
|
|||||
| CVE-2007-5508 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
|
|||||
| CVE-2007-0275 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2025-04-09 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
|
|||||
| CVE-2009-0988 | 1 Oracle | 1 Database 11g | 2025-04-09 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2007-2126 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
|
|||||
| CVE-2008-1830 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Hcm Eperformance | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.
|
|||||
| CVE-2009-1974 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package.
|
|||||
| CVE-2008-2589 | 1 Oracle | 2 Application Server, Oracle Portal Component | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure.
|
|||||
| CVE-2009-1020 | 1 Oracle | 1 Database Server | 2025-04-09 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-6065 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.
|
|||||
| CVE-2008-4097 | 1 Oracle | 1 Mysql | 2025-04-09 | 4.6 MEDIUM | N/A |
|
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
|
|||||
| CVE-2006-5342 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function.
|
|||||
| CVE-2007-6283 | 4 Centos, Fedoraproject, Oracle and 1 more | 9 Centos, Fedora Core, Linux and 6 more | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
|
|||||
| CVE-2008-1819 | 1 Oracle | 2 Database 9i, Database Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
|
|||||
| CVE-2009-0993 | 1 Oracle | 1 Application Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled whe ...
Show More |
|||||
| CVE-2009-1553 | 1 Oracle | 1 Glassfish Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListen ...
Show More |
|||||
| CVE-2009-1973 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies.
|
|||||
| CVE-2008-3995 | 1 Oracle | 2 Database 10g, Database 11i | 2025-04-09 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
|
|||||
| CVE-2007-5533 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
|
|||||
| CVE-2007-3868 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03.
|
|||||
| CVE-2009-3401 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 1.7 LOW | N/A |
|
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.
|
|||||
| CVE-2009-0581 | 4 Gimp, Littlecms, Mozilla and 1 more | 4 Gimp, Little Cms, Firefox and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
|
|||||
| CVE-2008-5455 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2009-1019 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2008-2604 | 1 Oracle | 2 Authentication Component, Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605.
|
|||||
| CVE-2006-5357 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03.
|
|||||
| CVE-2009-1017 | 1 Oracle | 1 Application Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.
|
|||||
| CVE-2008-2578 | 1 Oracle | 1 Weblogic Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.
|
|||||