Oracle Database Server vulnerabilities

506 known vulnerabilities affecting oracle/database_server.

Total CVEs: 506
CISA KEV: 0
Public exploits: 29
Exploited in wild: 0
Severity breakdown: CRITICAL 113, HIGH 73, MEDIUM 250, LOW 70

Vulnerabilities

Page 10 of 26
CVE-2014-0377 | MEDIUM | CVSS 4.0 | v11.1.0.7, v11.2.0.3 +2 more | 2014-01-15
CVE-2014-0377 [MEDIUM]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables.
nvd
CVE-2013-5764 | LOW | CVSS 3.5 | v11.1.0.7, v11.2.0.3 +1 more | 2014-01-15
CVE-2013-5764 [LOW]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.
nvd
CVE-2013-5771 | MEDIUM | CVSS 6.4 | v11.1.0.7, v11.2.0.2 +2 more | 2013-10-16
CVE-2013-5771 [MEDIUM]: Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors.
nvd
CVE-2013-3826 | MEDIUM | CVSS 5.0 | v11.1.0.7, v11.2.0.2 +2 more | 2013-10-16
CVE-2013-3826 [MEDIUM]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
nvd
CVE-2013-3751 | CRITICAL | CVSS 9.0 | v11.2.0.2, v11.2.0.3 | 2013-07-17
CVE-2013-3751 [CRITICAL]: Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2013-3771 | HIGH | CVSS 7.2 | v10.2.0.4, v10.2.0.5 +3 more | 2013-07-17
CVE-2013-3771 [HIGH]: Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3760.
nvd
CVE-2013-3774 | HIGH | CVSS 7.6 | v10.2.0.4, v10.2.0.5 +3 more | 2013-07-17
CVE-2013-3774 [HIGH]: Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2013-3760 | HIGH | CVSS 7.2 | v10.2.0.4, v10.2.0.5 +3 more | 2013-07-17
CVE-2013-3760 [HIGH]: Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771.
nvd
CVE-2013-3789 | MEDIUM | CVSS 6.5 | v10.2.0.4, v10.2.0.5 +3 more | 2013-07-17
CVE-2013-3789 [MEDIUM]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2013-3790 | LOW | CVSS 2.1 | v10.2.0.4, v10.2.0.5 +3 more | 2013-07-17
CVE-2013-3790 [LOW]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Privileged Account.
nvd
CVE-2013-1534 | CRITICAL | CVSS 10.0 | v11.2.0.2, v11.2.0.3 | 2013-04-17
CVE-2013-1534 [CRITICAL]: Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2013-1554 | MEDIUM | CVSS 5.0 | v10.2.0.4, v10.2.0.5 +3 more | 2013-04-17
CVE-2013-1554 [MEDIUM]: Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2013-1519 | MEDIUM | CVSS 5.0 | v4.2.1 | 2013-04-17
CVE-2013-1519 [MEDIUM]: Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.
nvd
CVE-2013-1538 | MEDIUM | CVSS 5.0 | v11.2.0.2, v11.2.0.3 | 2013-04-17
CVE-2013-1538 [MEDIUM]: Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2012-3220 | CRITICAL | CVSS 9.0 | v10.2.0.3, v10.2.0.4 +4 more | 2013-01-17
CVE-2012-3220 [CRITICAL]: Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2012-1751 | MEDIUM | CVSS 6.5 | v11.1.0.7, v11.2.0.2 +1 more | 2012-10-16
CVE-2012-1751 [MEDIUM]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to flashback archive.
nvd
CVE-2012-3146 | LOW | CVSS 2.1 | v10.2.0.3, v10.2.0.4 +4 more | 2012-10-16
CVE-2012-3146 [LOW]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors.
nvd
CVE-2012-3151 | LOW | CVSS 3.3 | v10.2.0.4, v10.2.0.5 +3 more | 2012-10-16
CVE-2012-3151 [LOW]: Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors.
nvd
CVE-2012-3137 | MEDIUM | CVSS 6.4 | PoC | v10.2.0.3, v10.2.0.4 +4 more | 2012-09-21
CVE-2012-3137 [MEDIUM] CWE-287: The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vu
nvd
CVE-2012-3132 | MEDIUM | CVSS 6.5 | v10.2.0.3, v10.2.0.4 +4 more | 2012-08-10
CVE-2012-3132 [MEDIUM] CWE-89: SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.
nvd