Filtered by vendor Oracle
Total: 9592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0513 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port. | |||||
CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||||
CVE-2002-1373 | 1 Oracle | 1 Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | |||||
CVE-2001-0498 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 5.0 MEDIUM | N/A |
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension. | |||||
CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | |||||
CVE-2000-0818 | 1 Oracle | 1 Listener | 2023-12-10 | 10.0 HIGH | N/A |
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. | |||||
CVE-2003-1208 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 10.0 HIGH | N/A |
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. | |||||
CVE-2002-0856 | 1 Oracle | 2 Database Server, Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | |||||
CVE-2004-1774 | 1 Oracle | 2 Application Server, Oracle10g | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | |||||
CVE-2002-1375 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2023-12-10 | 7.5 HIGH | N/A |
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | |||||
CVE-2004-0638 | 1 Oracle | 2 Oracle8i, Oracle9i | 2023-12-10 | 8.5 HIGH | N/A |
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. | |||||
CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 7.5 HIGH | N/A |
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
CVE-2001-0126 | 1 Oracle | 1 Oracle8i | 2023-12-10 | 7.5 HIGH | N/A |
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet. | |||||
CVE-2001-0515 | 1 Oracle | 2 Database Server, Oracle8i | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. | |||||
CVE-2004-1364 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2023-12-10 | 8.5 HIGH | N/A |
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | |||||
CVE-2001-1372 | 1 Oracle | 1 Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
CVE-2002-1640 | 1 Oracle | 1 Configurator | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. | |||||
CVE-1999-1125 | 1 Oracle | 1 Http Server | 2023-12-10 | 10.0 HIGH | N/A |
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | |||||
CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2023-12-10 | 4.6 MEDIUM | N/A |
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. |