Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*
There are 100 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2008-0349

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.

Published: January 17, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-5505

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-5506

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-5507

The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-5508

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-5512

Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-5515

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-5530

Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-5531

Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.

Published: October 17, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3853

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3854

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3856

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3858

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2109

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".

Published: April 18, 2007; 2:19:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2007-2112

Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger ("AFTER LOGON ON DATABASE" trigger directive), a related issue to CVE-2006-0547.

Published: April 18, 2007; 2:19:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2007-0269

Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.

Published: January 16, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2007-0273

Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.

Published: January 16, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0275

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

Published: January 16, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW