Product:

Database_server

(Oracle)
Date Id Summary Products Score Patch Annotated
2004-08-04 CVE-2004-1363 Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. Application_server, Collaboration_suite, Database_server, E\-Business_suite, Enterprise_manager, Enterprise_manager_database_control, Enterprise_manager_grid_control 9.8
2023-10-17 CVE-2023-22074 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... Database_server 2.4
2002-10-11 CVE-2002-0840 Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Http_server, Application_server, Database_server, Oracle8i, Oracle9i N/A
2002-10-11 CVE-2002-0843 Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Http_server, Application_server, Database_server, Oracle8i N/A
2006-07-21 CVE-2006-3698 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e)... Database_server N/A
2017-05-23 CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib 8.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_storage_node, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Symantec_netbackup, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib 9.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Zlib, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite 8.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib 9.8
2018-02-06 CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Debian_linux, Jackson\-Databind, Oncommand_balance, Oncommand_performance_manager, Oncommand_shift, Snapcenter, Banking_platform, Clusterware, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_instant_messaging_server, Database_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatchauto, Identity_manager, Jd_edwards_enterpriseone_tools, Primavera_unifier, Utilities_advanced_spatial_and_operational_analytics, Webcenter_portal, Jboss_enterprise_application_platform, Openshift_container_platform, Satellite, Satellite_capsule 9.8