Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-13 | CVE-2009-3411 | Remote Oracle Data Pump vulnerability in Oracle Database Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. network oracle | 4.9 |
| 2010-01-13 | CVE-2009-1996 | Remote Logical Standby vulnerability in Oracle Database Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
| 2009-11-30 | CVE-2009-4028 | Improper Input Validation vulnerability in multiple products The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | 6.8 |
| 2009-11-30 | CVE-2009-4019 | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | 4.0 |
| 2009-11-30 | CVE-2008-7247 | Link Following vulnerability in multiple products sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | 6.0 |
| 2009-10-22 | CVE-2009-3408 | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 5.1 |
| 2009-10-22 | CVE-2009-3407 | Remote Portal vulnerability in Oracle Application Server 10.1.2.3/10.1.4.2 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983. network oracle | 4.3 |
| 2009-10-22 | CVE-2009-3405 | Remote JD Edwards Tools vulnerability in Oracle JD Edwards Tools Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors. low complexity oracle | 4.1 |
| 2009-10-22 | CVE-2009-3404 | Remote vulnerability in Oracle PeopleSoft PeopleTools & Enterprise Portal Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
| 2009-10-22 | CVE-2009-3400 | Oracle Advanced Benefits Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.1 Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |