Database Core
CVEs (77)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1675 | 0.09 | — | 0.78 | May 8, 2012 | The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary… | |||
| CVE-2010-0870 | 0.04 | — | 0.13 | Apr 13, 2010 | Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH. | |||
| CVE-2010-0071 | 0.04 | — | 0.10 | Jan 13, 2010 | Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2007-0272 | 0.01 | — | 0.07 | Jan 17, 2007 | Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. | |||
| CVE-2004-1365 | 0.01 | — | 0.07 | Aug 4, 2004 | Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | |||
| CVE-2003-0634 | 0.01 | — | 0.07 | Aug 27, 2003 | Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | |||
| CVE-2003-0096 | 0.01 | — | 0.16 | Mar 3, 2003 | Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3)… | |||
| CVE-2002-0567 | 0.01 | — | 0.09 | Jul 3, 2002 | Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||
| CVE-2010-0867 | 0.00 | — | 0.01 | Apr 13, 2010 | Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2010-0854 | 0.00 | — | 0.02 | Apr 13, 2010 | Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INSERT or DELETE on tables subject to auditing." | |||
| CVE-2010-0852 | 0.00 | — | 0.02 | Apr 13, 2010 | Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2009-3413 | 0.00 | — | 0.01 | Jan 13, 2010 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414. | |||
| CVE-2009-3411 | 0.00 | — | 0.01 | Jan 13, 2010 | Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2009-3410 | 0.00 | — | 0.01 | Jan 13, 2010 | Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2009-1996 | 0.00 | — | 0.01 | Jan 13, 2010 | Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2009-1997 | 0.00 | — | 0.03 | Oct 22, 2009 | Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2009-1995 | 0.00 | — | 0.02 | Oct 22, 2009 | Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV. | |||
| CVE-2009-1994 | 0.00 | — | 0.02 | Oct 22, 2009 | Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK. | |||
| CVE-2009-1971 | 0.00 | — | 0.02 | Oct 22, 2009 | Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2009-1973 | 0.00 | — | 0.02 | Jul 14, 2009 | Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies. |
- CVE-2012-1675May 8, 2012risk 0.09cvss —epss 0.78
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary…
- CVE-2010-0870Apr 13, 2010risk 0.04cvss —epss 0.13
Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
- CVE-2010-0071Jan 13, 2010risk 0.04cvss —epss 0.10
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
- CVE-2007-0272Jan 17, 2007risk 0.01cvss —epss 0.07
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
- CVE-2004-1365Aug 4, 2004risk 0.01cvss —epss 0.07
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
- CVE-2003-0634Aug 27, 2003risk 0.01cvss —epss 0.07
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
- CVE-2003-0096Mar 3, 2003risk 0.01cvss —epss 0.16
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3)…
- CVE-2002-0567Jul 3, 2002risk 0.01cvss —epss 0.09
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
- CVE-2010-0867Apr 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors.
- CVE-2010-0854Apr 13, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INSERT or DELETE on tables subject to auditing."
- CVE-2010-0852Apr 13, 2010risk 0.00cvss —epss 0.02
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
- CVE-2009-3413Jan 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414.
- CVE-2009-3411Jan 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
- CVE-2009-3410Jan 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
- CVE-2009-1996Jan 13, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.
- CVE-2009-1997Oct 22, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.
- CVE-2009-1995Oct 22, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.
- CVE-2009-1994Oct 22, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK.
- CVE-2009-1971Oct 22, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.
- CVE-2009-1973Jul 14, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies.
Page 2 of 4