Vulnerabilities > Oracle > Database Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-05 | CVE-2008-6065 | Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server 10.1/10.2/11 Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | 5.1 |
2008-07-15 | CVE-2008-2613 | Unspecified vulnerability in Oracle Database Scheduler and Database Server Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. | 6.5 |
2008-07-15 | CVE-2008-2611 | Unspecified vulnerability in Oracle products Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. | 4.0 |
2008-07-15 | CVE-2008-2608 | Unspecified vulnerability in Oracle Data Pump Component and Database Server Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT. | 4.0 |
2008-07-15 | CVE-2008-2607 | Unspecified vulnerability in Oracle products Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. | 6.5 |
2008-07-15 | CVE-2008-2605 | Unspecified vulnerability in Oracle Authentication Component and Database Server Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2604. | 4.0 |
2008-07-15 | CVE-2008-2604 | Unspecified vulnerability in Oracle Authentication Component and Database Server Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2605. | 6.5 |
2008-07-15 | CVE-2008-2602 | Unspecified vulnerability in Oracle Data Pump Component and Database Server Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role. | 4.6 |
2008-07-15 | CVE-2008-2600 | Unspecified vulnerability in Oracle Database Server, Oracle Database and Spatial Component Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to MDSYS.SDO_TOPO_MAP. | 6.5 |
2008-07-15 | CVE-2008-2592 | Unspecified vulnerability in Oracle products Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. | 5.5 |