Oracle Database Server vulnerabilities
502 known vulnerabilities affecting oracle/database_server.
Total CVEs: 502
CISA KEV: 0
Public exploits: 29
Exploited in wild: 0
Severity breakdown: CRITICAL 112, HIGH 71, MEDIUM 250, LOW 69
Vulnerabilities
Page 19 of 26
CVE-2007-5506 | HIGH | CVSS 7.8 | CWE-399 | v9.0.1.5, v9.2.0.8 (+3 more) | 2007-10-17
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.
nvd
CVE-2007-5520 | HIGH | CVSS 7.5 | v9.2.0.8, v9.2.0.8dv | 2007-10-17
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05.
nvd
CVE-2007-5505 | HIGH | CVSS 7.5 | v9.0.1.5, v9.2.0.8 (+3 more) | 2007-10-17
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).
nvd
CVE-2007-5515 | MEDIUM | CVSS 6.5 | v9.2.0.8, v9.2.0.8dv (+3 more) | 2007-10-17
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.
nvd
CVE-2007-5508 | MEDIUM | CVSS 6.5 | PoC | CWE-89 | v10.1.0.5, v10.2.0.3 | 2007-10-17
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthentic
nvd
CVE-2007-5504 | MEDIUM | CVSS 6.5 | v9.0.1.5, v10.1.0.5 | 2007-10-17
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 have unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package.
nvd
CVE-2007-5513 | MEDIUM | CVSS 5.0 | v9.2.0.8, v9.2.0.8dv (+1 more) | 2007-10-17
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
nvd
CVE-2007-5514 | MEDIUM | CVSS 6.5 | v10.2.0.3 | 2007-10-17
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).
nvd
CVE-2007-5507 | MEDIUM | CVSS 6.4 | CWE-20 | v9.0.1.5, v9.2.0.8 (+3 more) | 2007-10-17
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.
nvd
CVE-2007-5509 | MEDIUM | CVSS 6.5 | v9.2.0.8, v9.2.0.8dv | 2007-10-17
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.
nvd
CVE-2007-3859 | HIGH | CVSS 7.5 | v9.2.0.8, v9.2.0.8dv | 2007-07-18
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01.
nvd
CVE-2007-3858 | HIGH | CVSS 7.5 | v10.2.0.3 | 2007-07-18
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).
nvd
CVE-2007-3855 | MEDIUM | CVSS 6.5 | PoC | v9.0.1.5, v9.2.0.8 (+3 more) | 2007-07-18
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). N
nvd
CVE-2007-3853 | MEDIUM | CVSS 6.5 | v10.1.0.5, v10.2.0.3 | 2007-07-18
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS
nvd
CVE-2007-3854 | MEDIUM | CVSS 5.5 | v9.0.1.5, v9.2.0.7 (+5 more) | 2007-07-18
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is
nvd
CVE-2007-3856 | MEDIUM | CVSS 6.5 | v9.2.0.7, v9.2.0.8 (+3 more) | 2007-07-18
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
nvd
CVE-2007-3857 | MEDIUM | CVSS 6.5 | v10.1.0.5 | 2007-07-18
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).
nvd
CVE-2007-2130 | CRITICAL | CVSS 9.0 | v9.2.0.1, v10.1.0.2 (+1 more) | 2007-04-18
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
nvd
CVE-2007-2116 | CRITICAL | CVSS 9.0 | v9.0.1.5, v9.2.0.7 (+1 more) | 2007-04-18
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters.
nvd
CVE-2007-2114 | CRITICAL | CVSS 9.0 | v10.1.0.5, v10.2.0.2 | 2007-04-18
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, Oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_
nvd