Oracle Database 10G vulnerabilities

37 known vulnerabilities affecting oracle/database_10g.

Total CVEs

37

CISA KEV

0

Public exploits

5

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM35LOW1

Vulnerabilities

Page 2 of 2

CVE-2008-3989MEDIUMCVSS 6.5v10.2.0.32008-10-14

CVE-2008-3989 [MEDIUM] CVE-2008-3989: Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.3 allows rem Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability, related to DMSYS.ODM_MODEL_UTIL.

CVE-2008-3992MEDIUMCVSS 5.5v10.2.0.42008-10-14

CVE-2008-3992 [MEDIUM] CVE-2008-3992: Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows rem Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to DMSYS.DBMS_DM_EXP_INTERNAL.

CVE-2008-2624MEDIUMCVSS 6.5v10.1.0.52008-10-14

CVE-2008-2624 [MEDIUM] CVE-2008-2624: Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote aut Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2008-3976MEDIUMCVSS 5.5v10.1.0.5v10.2.0.32008-10-14

CVE-2008-3976 [MEDIUM] CVE-2008-3976: Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10. Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-3413 and CVE-2009-3414.

CVE-2008-3982MEDIUMCVSS 5.5v10.1.0.5v10.2.0.32008-10-14

CVE-2008-3982 [MEDIUM] CVE-2008-3982: Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.

CVE-2008-3990MEDIUMCVSS 4.0v10.1.0.52008-10-14

CVE-2008-3990 [MEDIUM] CVE-2008-3990: Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10. Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991.

CVE-2008-3980MEDIUMCVSS 4.9v10.1.0.5v10.2.0.32008-10-14

CVE-2008-3980 [MEDIUM] CVE-2008-3980: Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows r Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVE-2008-3984MEDIUMCVSS 5.5PoCv10.1.0.5v10.2.0.32008-10-14

CVE-2008-3984 [MEDIUM] CVE-2008-3984: Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.

CVE-2008-3994MEDIUMCVSS 5.5v10.1.0.5v10.2.0.32008-10-14

CVE-2008-3994 [MEDIUM] CVE-2008-3994: Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.

CVE-2008-3991MEDIUMCVSS 4.0v10.1.0.52008-10-14

CVE-2008-3991 [MEDIUM] CVE-2008-3991: Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10. Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3990.

CVE-2008-3995MEDIUMCVSS 5.5v10.1.0.5v10.2.0.42008-10-14

CVE-2008-3995 [MEDIUM] CVE-2008-3995: Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4 Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

CVE-2008-3983MEDIUMCVSS 5.5PoCv10.1.0.5v10.2.0.32008-10-14

CVE-2008-3983 [MEDIUM] CVE-2008-3983: Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.

CVE-2008-3996MEDIUMCVSS 5.5v10.1.0.5v10.2.0.42008-10-14

CVE-2008-3996 [MEDIUM] CVE-2008-3996: Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4 Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.

CVE-2008-2625MEDIUMCVSS 4.0v10.1.0.5v10.2.0.22008-10-14

CVE-2008-2625 [MEDIUM] CVE-2008-2625: Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0. Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an

CVE-2008-2595MEDIUMCVSS 5.0PoCv10.1.2.3v10.1.4.22008-07-15

CVE-2008-2595 [MEDIUM] CVE-2008-2595: Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9. Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a ma

CVE-2008-1820MEDIUMCVSS 4.0v10.1.0.5v10.2.0.32008-04-16

CVE-2008-1820 [MEDIUM] CVE-2008-1820: Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the

CVE-2008-1815MEDIUMCVSS 5.5v10.1.0.5v10.2.0.32008-04-16

CVE-2008-1815 [MEDIUM] CVE-2008-1815: Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3 Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL inj

← Previous2 / 2