Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-15 | CVE-2009-0974 | Unspecified vulnerability in Oracle Application Server 10.1.2.3.0/10.1.4.2.0 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407. network oracle | 4.3 |
| 2009-04-15 | CVE-2009-0973 | Multiple vulnerability in Oracle Database 10G 10.1.0.5 Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. | 5.0 |
| 2009-04-15 | CVE-2009-0972 | Multiple vulnerability in Oracle April 2009 Critical Patch Update Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
| 2009-03-25 | CVE-2009-0207 | Local Privilege Escalation vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31 Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors. | 6.8 |
| 2009-03-05 | CVE-2009-0819 | Remote Denial Of Service vulnerability in MySQL XPath Expression sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | 4.0 |
| 2009-02-05 | CVE-2008-6065 | Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server 10.1/10.2/11 Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | 5.1 |
| 2009-01-14 | CVE-2008-5463 | Multiple vulnerability in Oracle January 2009 Critical Patch Update Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. network oracle | 4.9 |
| 2009-01-14 | CVE-2008-5462 | Permissions, Privileges, and Access Controls vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
| 2009-01-14 | CVE-2008-5461 | Permissions, Privileges, and Access Controls vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. | 6.8 |
| 2009-01-14 | CVE-2008-5459 | Permissions, Privileges, and Access Controls vulnerability in Oracle BEA Product Suite 10.3 Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |