Total
500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1021 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2009-1991 | 1 Oracle | 1 Database Server | 2024-02-28 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure. | |||||
| CVE-2009-1018 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC). | |||||
| CVE-2009-1979 | 1 Oracle | 1 Database Server | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. | |||||
| CVE-2008-2591 | 1 Oracle | 2 Database 9i, Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. | |||||
| CVE-2009-1963 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors. | |||||
| CVE-2009-1019 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2009-1966 | 1 Oracle | 2 Database Server, Enterprise Manager | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1967. | |||||
| CVE-2009-1993 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. | |||||
| CVE-2008-2607 | 1 Oracle | 3 Advanced Queuing Component, Database 9i, Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure. | |||||
| CVE-2008-1817 | 1 Oracle | 2 Database 9i, Database Server | 2024-02-28 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection. | |||||
| CVE-2009-2001 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2008-1816 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. | |||||
| CVE-2008-2600 | 1 Oracle | 3 Database Server, Oracle Database, Spatial Component | 2024-02-28 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to MDSYS.SDO_TOPO_MAP. | |||||
| CVE-2009-1970 | 1 Oracle | 1 Database Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991. | |||||
| CVE-2008-2608 | 1 Oracle | 2 Data Pump Component, Database Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT. | |||||
| CVE-2009-1968 | 1 Oracle | 1 Database Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search. | |||||
| CVE-2009-1020 | 1 Oracle | 1 Database Server | 2024-02-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2009-1971 | 1 Oracle | 1 Database Server | 2024-02-28 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2009-1015 | 1 Oracle | 1 Database Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors. | |||||