CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » Database 10g » 10.1.0.5 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-0992 Sql 2009-04-15 2018-10-10
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure.
2 CVE-2009-0991 2009-04-15 2017-08-17
5.0
 None Remote Low Not required None None Partial
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970.
3 CVE-2009-0985 2009-04-15 2012-10-23
7.1
 None Remote High ??? Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability.
4 CVE-2009-0977 Sql 2009-04-15 2018-10-10
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.
5 CVE-2009-0973 2009-04-15 2012-10-23
5.0
 None Remote Low Not required None None Partial
Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors.
6 CVE-2008-5437 2009-01-14 2012-10-23
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.
7 CVE-2008-5436 2009-01-14 2012-10-23
5.5
 None Remote Low ??? None Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.
8 CVE-2008-4015 2009-01-14 2012-10-23
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.
9 CVE-2008-3999 2009-01-14 2012-10-23
4.0
 None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
10 CVE-2008-3997 2009-01-14 2012-10-23
4.0
 None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.
11 CVE-2008-3996 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.
12 CVE-2008-3995 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
13 CVE-2008-3994 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.
14 CVE-2008-3991 2008-10-14 2017-08-08
4.0
 None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3990.
15 CVE-2008-3990 2008-10-14 2017-08-08
4.0
 None Remote Low ??? None None Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991.
16 CVE-2008-3984 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.
17 CVE-2008-3983 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.
18 CVE-2008-3982 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.
19 CVE-2008-3980 2008-10-14 2017-08-08
4.9
 None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
20 CVE-2008-3979 +Priv Sql 2009-01-14 2018-10-11
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
21 CVE-2008-3978 2009-01-14 2012-10-23
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22 CVE-2008-3976 2008-10-14 2017-08-08
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-3413 and CVE-2009-3414.
23 CVE-2008-3973 2009-01-14 2012-10-23
1.7
 None Local Low ??? Partial None None
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
24 CVE-2008-2625 Bypass 2008-10-14 2018-10-11
4.0
 None Remote High Not required Partial Partial None
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.
25 CVE-2008-2624 2008-10-14 2017-08-08
6.5
 None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
26 CVE-2008-1820 Overflow 2008-04-16 2018-10-11
4.0
 None Remote Low ??? None None Partial
Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure.
27 CVE-2008-1815 Sql 2008-04-16 2018-10-11
5.5
 None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.