Total
500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1818 | 1 Oracle | 1 Database Server | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. | |||||
| CVE-2008-1817 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection. | |||||
| CVE-2008-1816 | 1 Oracle | 1 Database Server | 2018-10-11 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. | |||||
| CVE-2008-1813 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. | |||||
| CVE-2009-1979 | 1 Oracle | 1 Database Server | 2018-10-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. | |||||
| CVE-2014-4245 | 1 Oracle | 1 Database Server | 2018-10-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2014-4237 | 1 Oracle | 1 Database Server | 2018-10-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2014-4236 | 1 Oracle | 1 Database Server | 2018-10-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2013-3774 | 1 Oracle | 1 Database Server | 2018-10-09 | 7.6 HIGH | N/A |
| Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2013-3751 | 1 Oracle | 1 Database Server | 2018-10-09 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2012-1675 | 1 Oracle | 1 Database Server | 2018-08-23 | 7.5 HIGH | N/A |
| The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." | |||||
| CVE-2001-0833 | 1 Oracle | 1 Database Server | 2018-05-03 | 7.2 HIGH | N/A |
| Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | |||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2017-10-10 | 7.5 HIGH | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
| CVE-2003-0727 | 1 Oracle | 1 Database Server | 2017-09-28 | 2.1 LOW | N/A |
| Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | |||||
| CVE-2015-4755 | 1 Oracle | 1 Database Server | 2017-09-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2015-4753 | 1 Oracle | 1 Database Server | 2017-09-22 | 2.1 LOW | N/A |
| Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | |||||
| CVE-2015-4740 | 1 Oracle | 1 Database Server | 2017-09-22 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Partitioning component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2015-2655 | 1 Oracle | 1 Database Server | 2017-09-22 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2015-2629 | 1 Oracle | 1 Database Server | 2017-09-22 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457. | |||||
| CVE-2015-2599 | 1 Oracle | 1 Database Server | 2017-09-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Scheduler component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||