VYPR

Vendor CVEs

Oracle Corporation

All CVEs

10,082 total · sorted by risk
  • CVE-2007-3870Jul 18, 2007
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.

  • CVE-2007-3503Jun 30, 2007
    risk 0.00cvss epss 0.03

    The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-2702May 16, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.

  • CVE-2007-2692May 16, 2007
    risk 0.00cvss epss 0.02

    The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

  • CVE-2007-2703May 16, 2007
    risk 0.00cvss epss 0.02

    BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.

  • CVE-2007-2693May 16, 2007
    risk 0.00cvss epss 0.02

    MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.

  • CVE-2007-2135Apr 24, 2007
    risk 0.00cvss epss 0.02

    The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear…

  • CVE-2007-2170Apr 24, 2007
    risk 0.00cvss epss 0.04

    The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as…

  • CVE-2007-2132Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.

  • CVE-2007-2128Apr 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.

  • CVE-2007-2120Apr 18, 2007
    risk 0.00cvss epss 0.03

    The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.

  • CVE-2007-2115Apr 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection…

  • CVE-2007-2127Apr 18, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager…

  • CVE-2007-2117Apr 18, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon.

  • CVE-2007-2129Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.

  • CVE-2007-2112Apr 18, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the…

  • CVE-2007-2119Apr 18, 2007
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers…

  • CVE-2007-2111Apr 18, 2007
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that…

  • CVE-2007-2114Apr 18, 2007
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed…

  • CVE-2007-2110Apr 18, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL…

  • CVE-2007-2123Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.

  • CVE-2007-2116Apr 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the…

  • CVE-2007-2125Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.

  • CVE-2007-2113Apr 18, 2007
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims…

  • CVE-2007-2130Apr 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.

  • CVE-2007-2121Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.

  • CVE-2007-2124Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.

  • CVE-2007-2133Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.

  • CVE-2007-2118Apr 18, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility."

  • CVE-2007-2134Apr 18, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.

  • CVE-2007-2109Apr 18, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed…

  • CVE-2007-2122Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.

  • CVE-2007-2131Apr 18, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.

  • CVE-2007-2126Apr 18, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).

  • CVE-2007-1609Mar 22, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563.

  • CVE-2007-1442Mar 14, 2007
    risk 0.00cvss epss 0.00

    Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

  • CVE-2006-7138Mar 7, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the…

  • CVE-2006-7158Mar 7, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers…

  • CVE-2007-0895Feb 13, 2007
    risk 0.00cvss epss 0.00

    Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which…

  • CVE-2007-0423Jan 23, 2007
    risk 0.00cvss epss 0.00

    BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.

  • CVE-2007-0418Jan 23, 2007
    risk 0.00cvss epss 0.02

    BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

  • CVE-2007-0426Jan 23, 2007
    risk 0.00cvss epss 0.03

    BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might…

  • CVE-2007-0293Jan 17, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.

  • CVE-2007-0288Jan 17, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.

  • CVE-2007-0291Jan 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.

  • CVE-2007-0276Jan 17, 2007
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).

  • CVE-2007-0270Jan 17, 2007
    risk 0.00cvss epss 0.05

    Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.

  • CVE-2007-0286Jan 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.

  • CVE-2007-0269Jan 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.

  • CVE-2007-0295Jan 17, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

Page 195 of 202