Oracle Database Server vulnerabilities

CVE-2009-1992 [CRITICAL] CVE-2009-1992: Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2009-1979 [CRITICAL] CVE-2009-1979: Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10 Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is re

CVE-2009-1965 [MEDIUM] CVE-2009-1965: Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1. Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2009-1995 [MEDIUM] CVE-2009-1995: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.

CVE-2009-1993 [MEDIUM] CVE-2009-1993: Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remot Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.

CVE-2009-2000 [MEDIUM] CVE-2009-2000: Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

CVE-2009-1018 [MEDIUM] CVE-2009-1018: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remo Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC).

CVE-2009-1997 [MEDIUM] CVE-2009-1997: Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 a Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

CVE-2009-1994 [MEDIUM] CVE-2009-1994: Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK.

CVE-2009-1964 [MEDIUM] CVE-2009-1964: Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remo Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVE-2009-1007 [MEDIUM] CVE-2009-1007: Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote aut Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.

CVE-2009-2001 [MEDIUM] CVE-2009-2001: Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows re Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2009-1972 [LOW] CVE-2009-1972: Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.

CVE-2009-1991 [LOW] CVE-2009-1991: Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0 Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that th

CVE-2009-1971 [LOW] CVE-2009-1971: Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1 Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.

CVE-2009-1020 [CRITICAL] CVE-2009-1020: Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2009-1963 [HIGH] CVE-2009-1963: Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows rem Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors.

CVE-2009-1019 [HIGH] CVE-2009-1019: Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0. Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2009-0987 [MEDIUM] CVE-2009-0987: Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVE-2009-1968 [MEDIUM] CVE-2009-1968: Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allo Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups pa