Vulnerabilities > Oracle > High

DATE | CVE | VULNERABILITY TITLE | RISK

2009-06-08 | CVE-2009-1955 | XML Entity Expansion vulnerability in multiple products
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Risk: 7.5

2009-04-15 | CVE-2009-1016 | Multiple vulnerability in Oracle April 2009 Critical Patch Update
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS.
network | oracle
Risk: 8.5

2009-04-15 | CVE-2009-1000 | Credentials Management vulnerability in Oracle E-Business Suite 11I10Cu2/12.0.6
The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors.
network | low complexity | oracle | CWE-255
Risk: 7.5

2009-04-15 | CVE-2009-0993 | Unspecified vulnerability in Oracle Application Server 10.1.2.3.0
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network | low complexity | oracle
Risk: 7.5

2009-04-15 | CVE-2009-0985 | Multiple vulnerability in Oracle Database 10G and Database 11G
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability.
network | high complexity | oracle
Risk: 7.1

2009-01-14 | CVE-2008-5440 | Multiple vulnerability in Oracle Timesten In-Memory Database 7.0.5.0.0
Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network | low complexity | oracle
Risk: 7.5

2008-07-15 | CVE-2008-2599 | Unspecified vulnerability in Oracle products
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2598.
network | low complexity | oracle
Risk: 7.5

2008-07-15 | CVE-2008-2598 | Unspecified vulnerability in Oracle products
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2599.
network | low complexity | oracle
Risk: 7.5

2008-07-15 | CVE-2008-2597 | Unspecified vulnerability in Oracle products
Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599.
network | low complexity | oracle
Risk: 7.5

2008-04-16 | CVE-2008-1819 | Unspecified vulnerability in Oracle Database 9I and Database Server
Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09.
local | low complexity | oracle
Risk: 7.2