Vulnerabilities > Oracle > Database Server

DATE | CVE | VULNERABILITY TITLE | RISK

2007-03-14 | CVE-2007-1442 | Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3 | 7.2
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
local, low complexity, oracle

2007-03-02 | CVE-2006-7067 | Local Security vulnerability in Oracle Database Server 10.2.1 | 6.0
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments.
local, high complexity, oracle

2007-01-17 | CVE-2007-0278 | Multiple vulnerabilities in Oracle January 2007 Security Update | 6.8
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
local, low complexity, oracle

2007-01-17 | CVE-2007-0277 | Multiple vulnerabilities in Oracle Database Server 10.1.0.4 | 6.8
Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
local, low complexity, oracle

2007-01-17 | CVE-2007-0276 | Multiple vulnerabilities in Oracle Database Server 8.1.7.4/9.0.1.5 | 6.8
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
local, low complexity, oracle

2007-01-17 | CVE-2007-0275 | Cross-Site Scripting vulnerability in Oracle products | 3.5
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
network, oracle, CWE-79

2007-01-17 | CVE-2007-0274 | Multiple vulnerabilities in Oracle Database Server 10.1.0.5/9.2.0.7 | 6.5
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09).
network, low complexity, oracle

2007-01-17 | CVE-2007-0273 | Multiple vulnerabilities in Oracle January 2007 Security Update | 4.3
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06.
network, oracle

2007-01-17 | CVE-2007-0272 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server | 8.5
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allow remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
network, low complexity, oracle, CWE-119

2007-01-17 | CVE-2007-0271 | Multiple vulnerabilities in Oracle January 2007 Security Update | 6.5
Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04.
network, low complexity, oracle