| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. |
| Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. |
| iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. |
| Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26. |
| Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. |
| Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. |
| SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. |
| Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07. |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. |
| Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01. |
| Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. |
| Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP. |
| Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. |
| Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. |
| Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS. |
| Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. |
| Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. |
| Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. |
| Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component. |
