Filtered by vendor Oracle
Subscribe
Total
10321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5376 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08. | |||||
| CVE-2006-5358 | 1 Oracle | 1 Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01. | |||||
| CVE-2009-1977 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php. | |||||
| CVE-2009-1553 | 1 Oracle | 1 Glassfish Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf. | |||||
| CVE-2010-0077 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2007-4822 | 2 Buffalotech, Oracle | 2 Airstation Whr-g54s, Database Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | |||||
| CVE-2008-5461 | 1 Oracle | 1 Bea Product Suite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. | |||||
| CVE-2008-2625 | 1 Oracle | 2 Database 10g, Database 9i | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode. | |||||
| CVE-2009-1992 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2008-4001 | 1 Oracle | 2 Jd Edwards Enterpriseone Ep, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-5455 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2008-2601 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors. | |||||
| CVE-2008-7235 | 1 Oracle | 2 Application Server, E-business Suite | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. | |||||
| CVE-2008-2600 | 1 Oracle | 3 Database Server, Oracle Database, Spatial Component | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to MDSYS.SDO_TOPO_MAP. | |||||
| CVE-2007-0285 | 1 Oracle | 3 Application Server, Collaboration Suite, E-business Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. | |||||
| CVE-2008-6065 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.1 MEDIUM | N/A |
| Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | |||||
| CVE-2008-5445 | 1 Oracle | 1 Secure Backup | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference. | |||||
| CVE-2006-5333 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block. | |||||
| CVE-2007-0268 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. | |||||
| CVE-2009-0987 | 1 Oracle | 1 Database Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||