Vulnerabilities > Oracle > Database Server > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-17 | CVE-2007-5506 | Resource Management Errors vulnerability in Oracle Database Server The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. | 7.8 |
2007-10-17 | CVE-2007-5505 | Unspecified vulnerability in Oracle Database Server Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). | 7.5 |
2007-07-18 | CVE-2007-3859 | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. | 7.5 |
2007-07-18 | CVE-2007-3858 | Remote Security vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). | 7.5 |
2007-04-18 | CVE-2007-2118 | Multiple vulnerability in Oracle April 2007 Security Update Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. | 7.5 |
2007-04-18 | CVE-2007-2113 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5 SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. | 7.5 |
2007-03-14 | CVE-2007-1442 | Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3 Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | 7.2 |
2007-01-17 | CVE-2007-0272 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. | 8.5 |
2006-10-18 | CVE-2006-5342 | Multiple vulnerability in Oracle October 2006 Security Update Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. | 7.1 |
2006-10-18 | CVE-2006-5340 | Multiple vulnerability in Oracle October 2006 Security Update Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. | 7.1 |