Oracle9i
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1118 | 0.00 | — | 0.03 | Oct 28, 2002 | TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | |||
| CVE-2002-0856 | 0.00 | — | 0.03 | Sep 5, 2002 | SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||
| CVE-2002-0858 | 0.00 | — | 0.02 | Sep 5, 2002 | catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||
| CVE-2002-0509 | 0.00 | — | 0.03 | Aug 12, 2002 | Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||
| CVE-2002-0560 | 0.00 | — | 0.04 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||
| CVE-2002-0565 | 0.00 | — | 0.06 | Jul 3, 2002 | Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | |||
| CVE-2002-0571 | 0.00 | — | 0.03 | Jul 3, 2002 | Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||
| CVE-2002-0566 | 0.00 | — | 0.04 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | |||
| CVE-2002-0564 | 0.00 | — | 0.05 | Jul 3, 2002 | PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||
| CVE-2001-0516 | 0.00 | — | 0.02 | Jul 21, 2001 | Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | |||
| CVE-2001-0518 | 0.00 | — | 0.02 | Jul 21, 2001 | Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. | |||
| CVE-2001-0513 | 0.00 | — | 0.03 | Jul 21, 2001 | Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the… |
- CVE-2002-1118Oct 28, 2002risk 0.00cvss —epss 0.03
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
- CVE-2002-0856Sep 5, 2002risk 0.00cvss —epss 0.03
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
- CVE-2002-0858Sep 5, 2002risk 0.00cvss —epss 0.02
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
- CVE-2002-0509Aug 12, 2002risk 0.00cvss —epss 0.03
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
- CVE-2002-0560Jul 3, 2002risk 0.00cvss —epss 0.04
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
- CVE-2002-0565Jul 3, 2002risk 0.00cvss —epss 0.06
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
- CVE-2002-0571Jul 3, 2002risk 0.00cvss —epss 0.03
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
- CVE-2002-0566Jul 3, 2002risk 0.00cvss —epss 0.04
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
- CVE-2002-0564Jul 3, 2002risk 0.00cvss —epss 0.05
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
- CVE-2001-0516Jul 21, 2001risk 0.00cvss —epss 0.02
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
- CVE-2001-0518Jul 21, 2001risk 0.00cvss —epss 0.02
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
- CVE-2001-0513Jul 21, 2001risk 0.00cvss —epss 0.03
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the…
Page 3 of 3