Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-01-14 | CVE-2008-3999 | Multiple vulnerability in Oracle Database 10G and Database 9I Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. | 4.0 |
| 2009-01-14 | CVE-2008-3997 | Multiple vulnerability in Oracle Database 10G 10.1.0.5/10.2.0.3 Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO. | 4.0 |
| 2009-01-14 | CVE-2008-3981 | Multiple vulnerability in Oracle Secure Backup 10.1.0.1 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
| 2009-01-14 | CVE-2008-3979 | Multiple vulnerability in Oracle January 2009 Critical Patch Update Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2009-01-14 | CVE-2008-3978 | Multiple vulnerability in Oracle Database 10G 10.1.0.5 Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2009-01-14 | CVE-2008-3974 | Multiple vulnerability in Oracle January 2009 Critical Patch Update Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. | 4.0 |
| 2008-11-28 | CVE-2008-5266 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. | 4.3 |
| 2008-10-14 | CVE-2008-4013 | Unspecified vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. network oracle | 6.8 |
| 2008-10-14 | CVE-2008-4012 | Unspecified vulnerability in Oracle Weblogic Workshop 8.1 Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows." | 5.1 |
| 2008-10-14 | CVE-2008-4010 | Unspecified vulnerability in Oracle BEA Product Suite Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags." network oracle | 6.8 |