Filtered by vendor Oracle
Subscribe
Total
9592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
CVE-2003-1116 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 5.0 MEDIUM | N/A |
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. | |||||
CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | |||||
CVE-2002-1767 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. | |||||
CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||||
CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | |||||
CVE-2003-0727 | 1 Oracle | 1 Database Server | 2023-12-10 | 2.1 LOW | N/A |
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. | |||||
CVE-2001-0831 | 1 Oracle | 1 Database Server | 2023-12-10 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | |||||
CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2023-12-10 | 2.1 LOW | N/A |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | |||||
CVE-2003-1331 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2023-12-10 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2002-2153 | 1 Oracle | 1 Application Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | |||||
CVE-2002-1374 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2023-12-10 | 7.5 HIGH | N/A |
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | |||||
CVE-2002-2347 | 1 Oracle | 1 Application Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | |||||
CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | |||||
CVE-2003-1183 | 1 Oracle | 1 Oracle Files | 2023-12-10 | 4.6 MEDIUM | N/A |
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access. | |||||
CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2023-12-10 | 7.5 HIGH | N/A |
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2023-12-10 | 5.0 MEDIUM | N/A |
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. |