Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2007-12-18 CVE-2007-6283 Information Exposure vulnerability in multiple products
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
local
low complexity
redhat fedoraproject oracle centos CWE-200
4.9
2007-12-10 CVE-2007-6304 Privilege Escalation And Denial Of Service vulnerability in MySQL Server
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
network
low complexity
mysql oracle
5.0
2007-12-10 CVE-2007-6303 Privilege Escalation And Denial Of Service vulnerability in MySQL Server
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
network
mysql oracle
3.5
2007-12-10 CVE-2007-5970 Remote Security vulnerability in MySQL
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
network
oracle
5.8
2007-12-06 CVE-2007-6260 Credentials Management vulnerability in Oracle Database Server
The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener.
network
oracle CWE-255
6.8
2007-11-08 CVE-2007-5897 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Oracle Database Server
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function.
network
oracle CWE-119
8.5
2007-11-08 CVE-2007-5766 SQL Injection vulnerability in Oracle E-Business Suite 11I/12
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
oracle CWE-89
7.5
2007-11-08 CVE-2007-4517 Buffer Errors vulnerability in Oracle Database Server Release2
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
network
oracle CWE-119
6.0
2007-10-18 CVE-2007-5576 Information Exposure vulnerability in multiple products
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
local
low complexity
bea oracle CWE-200
6.8
2007-10-18 CVE-2007-5561 Use of Externally-Controlled Format String vulnerability in Oracle Enterprise Grid Console Server and OPMN Daemon
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175.
network
low complexity
oracle CWE-134
critical
10.0