Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-08 | CVE-2010-1850 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | 6.0 |
2010-06-08 | CVE-2010-1849 | The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. | 5.0 |
2010-06-08 | CVE-2010-1848 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. | 6.5 |
2010-05-27 | CVE-2010-2087 | Cross-Site Scripting vulnerability in Oracle Mojarra 1.2_14/2.0.2: Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | 4.3 |
2010-05-19 | CVE-2010-1321 | Null Pointer Dereference vulnerability in multiple products: The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | 6.8 |
2010-04-29 | CVE-2009-4833 | Improper Input Validation vulnerability in Oracle Mysql Connector/Net: MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. | 5.8 |
2010-04-14 | CVE-2010-0881 | Remote User Interface Components vulnerability in Oracle Collaboration Suite 10.1.2.4: Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2010-04-13 | CVE-2010-0894 | Remote vulnerability in Oracle Opensso Enterprise and SUN products Suite: Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 5.8 |
2010-04-13 | CVE-2010-0893 | Remote vulnerability in Oracle SUN products Suite 1.0: Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail. | 4.3 |
2010-04-13 | CVE-2010-0891 | Remote vulnerability in Oracle SUN products Suite 3.6.1/4.0: Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager. | 5.8 |