Vulnerabilities > Oracle > Database Server > 11.2.0.3

DATE CVE VULNERABILITY TITLE RISK
2012-08-10 CVE-2012-3132 SQL Injection vulnerability in Oracle Database Server
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.
network
low complexity
oracle CWE-89
6.5
6.5
2012-07-17 CVE-2012-3134 Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors.
network
low complexity
oracle
4.0
4.0
2012-07-17 CVE-2012-1747 Unspecified vulnerability in Oracle Database Server
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746.
network
low complexity
oracle
5.0
5.0
2012-07-17 CVE-2012-1746 Unspecified vulnerability in Oracle Database Server
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747.
network
low complexity
oracle microsoft
5.0
5.0
2012-07-17 CVE-2012-1745 Remote Network Layer vulnerability in Oracle Database Server
Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.
network
low complexity
oracle
5.0
5.0
2012-07-17 CVE-2012-1737 SQL Injection vulnerability in Oracle Enterprise Manager for Oracle Database
Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs.
network
oracle
6.8
6.8
2012-05-08 CVE-2012-1675 Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
network
low complexity
oracle CWE-264
7.5
7.5
2012-05-03 CVE-2012-0552 Remote Oracle Spatial vulnerability in Oracle Database Server
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
network
low complexity
oracle
critical
 9.0
9.0
2012-05-03 CVE-2012-0534 Remote RDBMS Core vulnerability in Oracle Database Server
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session.
network
low complexity
oracle
4.0
4.0
2012-05-03 CVE-2012-0527 Remote HTTP Response Splitting vulnerability in Oracle Database Server
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management, a different vulnerability than CVE-2012-0526.
network
oracle
4.3
4.3