Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Database_server
(Oracle)| Repositories |
• https://github.com/madler/zlib
• https://github.com/FasterXML/jackson-databind |
| #Vulnerabilities | 509 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-11-02 | CVE-2005-3439 | Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component. | Database_server | N/A | ||
| 2005-11-02 | CVE-2005-3438 | Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. | Database_server | N/A | ||
| 2005-11-02 | CVE-2005-3437 | Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01. | Database_server | N/A | ||
| 2005-10-14 | CVE-2005-3206 | iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | Database_server | N/A | ||
| 2005-10-14 | CVE-2005-3205 | Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | Database_server | N/A | ||
| 2005-05-02 | CVE-2005-1197 | SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | Database_server | N/A | ||
| 2005-03-07 | CVE-2005-0701 | Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | Database_server | N/A | ||
| 2005-05-02 | CVE-2005-0298 | The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | Database_server | N/A | ||
| 2005-01-18 | CVE-2005-0297 | SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | Database_server | N/A | ||
| 2004-12-31 | CVE-2004-2345 | Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information. | Database_server | N/A |