| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3134 |
|
|
|
2012-07-17 |
2012-12-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors. |
|
2 |
CVE-2012-1708 |
|
|
|
2012-05-03 |
2012-08-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors. |
|
3 |
CVE-2012-0534 |
|
|
|
2012-05-03 |
2012-09-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session. |
|
4 |
CVE-2012-0527 |
|
|
|
2012-05-03 |
2012-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management. |
|
5 |
CVE-2012-0526 |
|
|
|
2012-05-03 |
2012-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management. |
|
6 |
CVE-2012-0525 |
|
|
|
2012-05-03 |
2012-09-28 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management. |
|
7 |
CVE-2012-0520 |
|
|
|
2012-05-03 |
2012-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework. |
|
8 |
CVE-2011-2238 |
|
|
|
2011-07-20 |
2011-10-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL. |
|
9 |
CVE-2011-2231 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors. |
|
10 |
CVE-2011-0881 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors. |
|
11 |
CVE-2011-0879 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors. |
|
12 |
CVE-2011-0877 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors. |
|
13 |
CVE-2011-0876 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security. |
|
14 |
CVE-2011-0830 |
|
|
|
2011-07-20 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI. |
|
15 |
CVE-2011-0811 |
|
|
|
2011-07-20 |
2011-10-04 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors. |
|
16 |
CVE-2011-0805 |
|
|
|
2011-04-19 |
2011-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors. |
|
17 |
CVE-2011-0785 |
|
|
|
2011-04-19 |
2011-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors. |
|
18 |
CVE-2010-4413 |
|
|
|
2011-01-19 |
2011-01-26 |
4.3 |
None |
Remote |
High |
Multiple systems |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
|
19 |
CVE-2010-3590 |
|
|
|
2011-01-19 |
2011-01-26 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS. |
|
20 |
CVE-2010-2415 |
|
|
|
2010-10-13 |
2010-11-11 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. |
|
21 |
CVE-2010-2411 |
|
|
|
2010-10-13 |
2010-11-11 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB. |
|
22 |
CVE-2010-2407 |
|
|
|
2010-10-13 |
2010-11-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors. |
|
23 |
CVE-2010-0892 |
|
|
|
2010-07-13 |
2012-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors. |
|
24 |
CVE-2010-0867 |
|
|
|
2010-04-13 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors. |
|
25 |
CVE-2010-0851 |
|
|
|
2010-04-13 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors. |
|
26 |
CVE-2009-3414 |
|
|
|
2010-01-12 |
2012-10-22 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
|
27 |
CVE-2009-3411 |
|
|
|
2010-01-12 |
2012-10-22 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
|
28 |
CVE-2009-1996 |
|
|
|
2010-01-12 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors. |
|
29 |
CVE-2009-1995 |
|
|
|
2009-10-22 |
2012-10-22 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV. |
|
30 |
CVE-2009-1968 |
|
|
XSS |
2009-07-14 |
2012-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search. |
|
31 |
CVE-2009-1015 |
|
|
|
2009-07-14 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors. |
|
32 |
CVE-2009-0997 |
|
|
|
2009-04-15 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. |
|
33 |
CVE-2008-2611 |
|
|
|
2008-07-15 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors. |
|
34 |
CVE-2008-2608 |
|
|
|
2008-07-15 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote authenticated attack vectors related to SYS.KUPF$FILE_INT. |
|
35 |
CVE-2008-2605 |
|
|
|
2008-07-15 |
2012-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote authenticated attack vectors. |
|
36 |
CVE-2008-2602 |
|
|
|
2008-07-15 |
2012-10-22 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role. |
|
37 |
CVE-2007-4822 |
352 |
|
CSRF |
2007-09-11 |
2011-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. |
|
38 |
CVE-2007-2110 |
|
|
Exec Code |
2007-04-18 |
2012-10-22 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5 and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). |
|
39 |
CVE-2007-0273 |
|
|
XSS |
2007-01-16 |
2012-10-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. |
|
40 |
CVE-2006-2081 |
|
|
Sql |
2006-04-27 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not releated to special characters, so this is not "SQL injection" per se. |
|
41 |
CVE-2001-0942 |
|
|
|
2001-11-29 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. |
|
42 |
CVE-2001-0941 |
|
|
Exec Code Overflow |
2001-11-30 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. |
|
43 |
CVE-2001-0831 |
|
|
|
2001-12-06 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. |
|
44 |
CVE-1999-0888 |
|
|
+Priv |
1999-08-16 |
2008-09-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. |
