Filtered by vendor Oracle
Subscribe
Total
10321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
|
|||||
| CVE-2006-0273 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.
|
|||||
| CVE-2006-0257 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package.
|
|||||
| CVE-2006-0277 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing c ...
Show More |
|||||
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture.
|
|||||
| CVE-2002-0103 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 4.6 MEDIUM | N/A |
|
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.
|
|||||
| CVE-2003-0727 | 1 Oracle | 1 Database Server | 2025-04-03 | 2.1 LOW | N/A |
|
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
|
|||||
| CVE-2004-1368 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 7.8 HIGH | N/A |
|
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
|
|||||
| CVE-2006-0288 | 1 Oracle | 2 Application Server, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.
|
|||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
|
|||||
| CVE-2006-0279 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.
|
|||||
| CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
|
|||||
| CVE-2005-3448 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
|
|||||
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
|
|||||
| CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
|
|||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
|
|||||
| CVE-2006-1885 | 1 Oracle | 1 Enterprise Manager | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.
|
|||||
| CVE-2004-1371 | 1 Oracle | 10 Application Server, Collaboration Suite, Database Server and 7 more | 2025-04-03 | 9.0 HIGH | N/A |
|
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
|
|||||
| CVE-2002-1767 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
|
|||||
| CVE-2001-0249 | 3 Hp, Oracle, Sgi | 3 Hp-ux, Solaris, Irix | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
|
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
|
|||||
| CVE-2006-0287 | 1 Oracle | 2 Application Server, Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.
|
|||||
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.
|
|||||
| CVE-2006-4031 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
|
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
|
|||||
| CVE-2005-3438 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager.
|
|||||
| CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.0 MEDIUM | N/A |
|
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
|
|||||
| CVE-2006-0260 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable indep ...
Show More |
|||||
| CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow of rlogin program using TERM environmental variable.
|
|||||
| CVE-2005-3460 | 1 Oracle | 2 10g Enterprise Manager Database Control, Enterprise Manager Application Server Control | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.
|
|||||
| CVE-2005-2680 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.
|
|||||
| CVE-2006-1877 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13.
|
|||||
| CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
|
|||||
| CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
|
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
|
|||||
| CVE-2001-0832 | 1 Oracle | 1 Database Server | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
|
|||||
| CVE-2002-1921 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
|
|||||
| CVE-2002-1264 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
|
|||||
| CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
|
|||||
| CVE-2005-3464 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.
|
|||||
| CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
|
|||||
| CVE-2005-1745 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
|
|||||
| CVE-2001-1372 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
|
|||||