Vulnerabilities > Oracle > Database Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-06 | CVE-2007-6260 | Credentials Management vulnerability in Oracle Database Server The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. | 6.8 |
| 2007-11-08 | CVE-2007-5897 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. | 8.5 |
| 2007-11-08 | CVE-2007-4517 | Buffer Errors vulnerability in Oracle Database Server Release2 Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | 6.0 |
| 2007-10-18 | CVE-2007-5554 | Information Exposure vulnerability in Oracle Database Server Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. | 7.1 |
| 2007-10-17 | CVE-2007-5531 | Unspecified vulnerability in Oracle products Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02. | 10.0 |
| 2007-10-17 | CVE-2007-5530 | Unspecified vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01. | 10.0 |
| 2007-10-17 | CVE-2007-5520 | Unspecified vulnerability in Oracle Application Server and Database Server Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05. | 7.5 |
| 2007-10-17 | CVE-2007-5515 | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27. | 6.5 |
| 2007-10-17 | CVE-2007-5514 | Unspecified vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). | 6.5 |
| 2007-10-17 | CVE-2007-5513 | Unspecified vulnerability in Oracle Database Server 10.1.0.5/9.2.0.8/9.2.0.8Dv The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. | 5.0 |