Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2008-02-21 CVE-2008-0870 Link Following vulnerability in multiple products
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
network
low complexity
bea-systems oracle CWE-59
7.5
2008-01-10 CVE-2008-0226 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
network
low complexity
yassl mysql oracle apple debian canonical CWE-119
7.5
2007-11-08 CVE-2007-5897 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Oracle Database Server
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function.
network
oracle CWE-119
8.5
2007-11-08 CVE-2007-5766 SQL Injection vulnerability in Oracle E-Business Suite 11i/12
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
oracle CWE-89
7.5
2007-10-18 CVE-2007-5554 Information Exposure vulnerability in Oracle Database Server
Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711.
network
oracle CWE-200
7.1
2007-10-17 CVE-2007-5532 Unspecified vulnerability in Oracle PeopleSoft Enterprise
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE01.
network
low complexity
oracle
7.5
2007-10-17 CVE-2007-5529 Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2
Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.
network
low complexity
oracle
7.5
2007-10-17 CVE-2007-5527 Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Integration (APP02), (3) Applications Manager (APP04), (4) Marketing component (APP05), and (5) Exchange component (APP07).
network
low complexity
oracle
7.5
2007-10-17 CVE-2007-5525 Unspecified vulnerability in Oracle Application Server and Collaboration Suite
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10.
network
low complexity
oracle
7.5
2007-10-17 CVE-2007-5524 Unspecified vulnerability in Oracle Application Server and Collaboration Suite
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.
network
low complexity
oracle
7.5