VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,010 total · sorted by risk
  • CVE-2008-3996Oct 14, 2008
    risk 0.04cvss epss 0.10

    Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.

  • CVE-2008-3995Oct 14, 2008
    risk 0.04cvss epss 0.10

    Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

  • CVE-2008-3982Oct 14, 2008
    risk 0.04cvss epss 0.11

    Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than…

  • CVE-2008-4456Oct 6, 2008
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database…

  • CVE-2008-3963Sep 11, 2008
    risk 0.04cvss epss 0.06

    MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

  • CVE-2008-2595Jul 15, 2008
    risk 0.04cvss epss 0.11

    Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented…

  • CVE-2008-2138May 12, 2008
    risk 0.04cvss epss 0.16

    Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that…

  • CVE-2008-0339Jan 17, 2008
    risk 0.04cvss epss 0.15

    Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

  • CVE-2007-5000Dec 13, 2007
    risk 0.04cvss epss 0.47

    Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or…

  • CVE-2007-3855Jul 18, 2007
    risk 0.04cvss epss 0.16

    Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10),…

  • CVE-2007-2583May 10, 2007
    risk 0.04cvss epss 0.11

    The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

  • CVE-2006-6697Dec 22, 2006
    risk 0.04cvss epss 0.10

    CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

  • CVE-2006-4227Aug 18, 2006
    risk 0.04cvss epss 0.12

    MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT…

  • CVE-2006-3698Jul 21, 2006
    risk 0.04cvss epss 0.06

    Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a…

  • CVE-2006-0549Feb 4, 2006
    risk 0.04cvss epss 0.08

    SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a…

  • CVE-2005-3202Oct 14, 2005
    risk 0.04cvss epss 0.11

    Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.

  • CVE-2005-1382May 3, 2005
    risk 0.04cvss epss 0.07

    The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.

  • CVE-2005-0873May 2, 2005
    risk 0.04cvss epss 0.11

    Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.

  • CVE-2005-0709May 2, 2005
    risk 0.04cvss epss 0.18

    MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

  • CVE-2005-0710May 2, 2005
    risk 0.04cvss epss 0.13

    MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init…

  • CVE-2005-0701Mar 7, 2005
    risk 0.04cvss epss 0.18

    Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

  • CVE-2004-0637Sep 2, 2004
    risk 0.04cvss epss 0.18

    Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

  • CVE-2004-1364Aug 4, 2004
    risk 0.04cvss epss 0.14

    Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

  • CVE-2002-1809Dec 31, 2002
    risk 0.04cvss epss 0.16

    The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

  • CVE-2002-0563Jul 3, 2002
    risk 0.04cvss epss 0.51

    The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and…

  • CVE-2002-0106Mar 25, 2002
    risk 0.04cvss epss 0.07

    BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

  • CVE-2001-1217Dec 21, 2001
    risk 0.04cvss epss 0.54

    Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

  • CVE-2001-0836Dec 6, 2001
    risk 0.04cvss epss 0.15

    Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

  • CVE-2000-0045Jan 11, 2000
    risk 0.04cvss epss 0.07

    MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

  • CVE-1999-0101Dec 10, 1996
    risk 0.04cvss epss 0.08

    Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

  • CVE-2015-4878Oct 21, 2015
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.

  • CVE-2015-4877Oct 21, 2015
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.

  • CVE-2015-4481Aug 16, 2015
    risk 0.03cvss epss 0.01

    Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

  • CVE-2015-3329Jun 9, 2015
    risk 0.03cvss epss 0.38

    Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

  • CVE-2015-3145Apr 24, 2015
    risk 0.03cvss epss 0.38

    The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing…

  • CVE-2015-2572Apr 16, 2015
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

  • CVE-2015-0493Apr 16, 2015
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474.

  • CVE-2015-0474Apr 16, 2015
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493.

  • CVE-2014-4210Jul 17, 2014
    risk 0.03cvss epss 0.38

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.

  • CVE-2014-0050Apr 1, 2014
    risk 0.03cvss epss 0.83

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended…

  • CVE-2014-0981Mar 31, 2014
    risk 0.03cvss epss 0.01

    VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted…

  • CVE-2013-5791Oct 16, 2013
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October…

  • CVE-2013-3792Oct 16, 2013
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.

  • CVE-2013-1509Apr 17, 2013
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.

  • CVE-2013-0169Feb 8, 2013
    risk 0.03cvss epss 0.36

    The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote…

  • CVE-2013-0397Jan 17, 2013
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.

  • CVE-2012-3221Oct 17, 2012
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle…

  • CVE-2012-3186Oct 17, 2012
    risk 0.03cvss epss 0.04

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to…

  • CVE-2012-3185Oct 17, 2012
    risk 0.03cvss epss 0.04

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to…

  • CVE-2012-3184Oct 17, 2012
    risk 0.03cvss epss 0.04

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI.

Page 122 of 201