Vulnerabilities > Oracle > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-03 | CVE-2003-1208 | Buffer Overflow vulnerability in Multiple Oracle Database Parameter/Statement Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. | 10.0 |
| 2004-11-03 | CVE-2004-0836 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | 10.0 |
| 2004-08-06 | CVE-2004-0543 | SQL Injection vulnerability in Oracle Applications and E-Business Suite Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. | 10.0 |
| 2004-08-04 | CVE-2004-1371 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle products Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | 9.0 |
| 2004-08-04 | CVE-2004-1363 | Incorrect Calculation of Buffer Size vulnerability in Oracle products Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | 9.8 |
| 2004-06-01 | CVE-2004-0385 | Unspecified vulnerability in Oracle Application Server web Cache and E-Business Suite Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. | 10.0 |
| 2003-09-22 | CVE-2003-0780 | Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. | 9.0 |
| 2003-05-12 | CVE-2003-0222 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | 9.0 |
| 2003-03-24 | CVE-2003-0150 | Privilege Escalation vulnerability in MySQL mysqld MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | 9.0 |
| 2003-03-03 | CVE-2003-0096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server, Oracle8I and Oracle9I Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | 9.0 |