Oracle 10g R2
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1363 | Cri | 0.66 | 9.8 | 0.28 | Aug 4, 2004 | Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | ||
| CVE-2007-4517 | 0.07 | — | 0.51 | Nov 8, 2007 | Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | |||
| CVE-2004-1774 | 0.04 | — | 0.08 | Aug 31, 2004 | Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | |||
| CVE-2006-7067 | 0.00 | — | 0.03 | Mar 2, 2007 | Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was… | |||
| CVE-2005-1496 | 0.00 | — | 0.01 | May 11, 2005 | The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | |||
| CVE-2004-1338 | 0.00 | — | 0.00 | Dec 23, 2004 | The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the… | |||
| CVE-2004-1369 | 0.00 | — | 0.04 | Aug 4, 2004 | The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory. |
- risk 0.66cvss 9.8epss 0.28
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
- CVE-2007-4517Nov 8, 2007risk 0.07cvss —epss 0.51
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
- CVE-2004-1774Aug 31, 2004risk 0.04cvss —epss 0.08
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
- CVE-2006-7067Mar 2, 2007risk 0.00cvss —epss 0.03
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was…
- CVE-2005-1496May 11, 2005risk 0.00cvss —epss 0.01
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
- CVE-2004-1338Dec 23, 2004risk 0.00cvss —epss 0.00
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the…
- CVE-2004-1369Aug 4, 2004risk 0.00cvss —epss 0.04
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.