Oracle: Security Vulnerabilities, CVEs (Denial of Service)
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
Max CVSS: 5.0 | EPSS Score: 0.25% | Published: 2001-03-12 | Updated: 2008-09-05
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 1997-07-23 | Updated: 2016-10-18
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
Max CVSS: 5.0 | EPSS Score: 0.24% | Published: 2000-07-05 | Updated: 2008-09-10
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2001-07-21 | Updated: 2008-09-10
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
Max CVSS: 5.0 | EPSS Score: 2.76% | Published: 2001-07-21 | Updated: 2017-10-10
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2001-07-21 | Updated: 2008-09-10
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2001-07-21 | Updated: 2008-09-10
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
Max CVSS: 5.0 | EPSS Score: 2.06% | Published: 2001-07-21 | Updated: 2017-10-10
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
Max CVSS: 5.0 | EPSS Score: 0.54% | Published: 2001-07-21 | Updated: 2017-10-10
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Max CVSS: 7.5 | EPSS Score: 0.91% | Published: 2001-01-23 | Updated: 2019-10-07
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2001-07-16 | Updated: 2008-09-05
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
Max CVSS: 5.0 | EPSS Score: 2.06% | Published: 2002-03-25 | Updated: 2017-12-19
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
Max CVSS: 5.0 | EPSS Score: 90.22% | Published: 2002-11-04 | Updated: 2008-09-10
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
Max CVSS: 5.0 | EPSS Score: 2.61% | Published: 2002-08-12 | Updated: 2008-09-05
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
Max CVSS: 7.5 | EPSS Score: 3.17% | Published: 2002-07-03 | Updated: 2017-12-19
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
Max CVSS: 5.0 | EPSS Score: 1.39% | Published: 2002-07-03 | Updated: 2018-05-03
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS: 7.5 | EPSS Score: 1.87% | Published: 2002-08-12 | Updated: 2008-09-10
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
Max CVSS: 5.0 | EPSS Score: 6.61% | Published: 2002-08-12 | Updated: 2008-09-10
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Max CVSS: 7.5 | EPSS Score: 0.51% | Published: 2002-10-11 | Updated: 2021-06-06
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
Max CVSS: 5.0 | EPSS Score: 0.52% | Published: 2002-09-05 | Updated: 2008-09-10
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
Max CVSS: 5.0 | EPSS Score: 10.70% | Published: 2002-10-28 | Updated: 2008-09-11
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
Max CVSS: 5.0 | EPSS Score: 4.04% | Published: 2002-12-23 | Updated: 2019-10-07
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS: 7.5 | EPSS Score: 1.14% | Published: 2002-12-23 | Updated: 2019-10-07
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
Max CVSS: 5.0 | EPSS Score: 1.55% | Published: 2003-02-19 | Updated: 2019-10-07
CVE-2003-0727
Public exploit
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
Max CVSS: 2.1 | EPSS Score: 93.21% | Published: 2003-10-20 | Updated: 2017-09-28