CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2301 CVE-2010-0876 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite.
2302 CVE-2010-0875 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser.
2303 CVE-2010-0874 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors.
2304 CVE-2010-0871 2010-04-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
2305 CVE-2010-0869 2010-04-13 2012-10-23
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown vectors.
2306 CVE-2010-0867 2010-04-13 2012-10-23
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors.
2307 CVE-2010-0865 2010-04-13 2012-10-23
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle E-Business Suite 6.1.1.0 allows remote attackers to affect confidentiality via unknown vectors.
2308 CVE-2010-0864 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.
2309 CVE-2010-0863 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.
2310 CVE-2010-0862 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Retail - Oracle Retail Markdown Optimization component in Oracle Industry Product Suite 13.1 allows remote attackers to affect integrity via unknown vectors related to Online Help.
2311 CVE-2010-0855 2010-04-13 2016-11-19
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.
2312 CVE-2010-0851 2010-04-13 2012-10-23
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors.
2313 CVE-2010-0835 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Wireless component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.
2314 CVE-2010-0086 2010-04-13 2016-11-19
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855.
2315 CVE-2010-0080 2010-01-13 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
2316 CVE-2010-0070 2010-01-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.
2317 CVE-2010-0069 2010-01-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.
2318 CVE-2009-4030 59 Bypass 2009-11-30 2019-12-17
4.4
None Local Medium Not required Partial Partial Partial
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
2319 CVE-2009-4019 DoS 2009-11-30 2019-12-17
4.0
None Remote Low ??? None None Partial
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
2320 CVE-2009-3764 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.
2321 CVE-2009-3763 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors.
2322 CVE-2009-3762 2010-07-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.
2323 CVE-2009-3519 772 DoS 2009-10-01 2021-11-15
4.9
None Local Low Not required None None Complete
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages.
2324 CVE-2009-3416 2010-01-13 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.
2325 CVE-2009-3414 2010-01-13 2016-11-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3413.
2326 CVE-2009-3411 2010-01-13 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
2327 CVE-2009-3407 2009-10-22 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.
2328 CVE-2009-3405 2009-10-22 2012-10-23
4.1
None Local Network Low ??? None Partial Partial
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors.
2329 CVE-2009-3404 2009-10-22 2012-10-23
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors.
2330 CVE-2009-3399 2009-10-22 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console.
2331 CVE-2009-3397 2009-10-22 2012-10-23
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.
2332 CVE-2009-3396 2009-10-22 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console.
2333 CVE-2009-3393 2009-10-22 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.
2334 CVE-2009-2002 2009-10-22 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors.
2335 CVE-2009-1999 2009-10-22 2012-10-23
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.
2336 CVE-2009-1998 2009-10-22 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
2337 CVE-2009-1996 2010-01-13 2012-10-23
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.
2338 CVE-2009-1995 2009-10-22 2012-10-23
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.
2339 CVE-2009-1988 2009-07-14 2017-08-17
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 19, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors.
2340 CVE-2009-1984 2009-07-14 2017-08-17
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Application Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Patch Administrator.
2341 CVE-2009-1983 2009-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors.
2342 CVE-2009-1982 2009-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.
2343 CVE-2009-1976 2009-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.
2344 CVE-2009-1968 XSS 2009-07-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.
2345 CVE-2009-1553 79 XSS 2009-05-06 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
2346 CVE-2009-1017 2009-04-15 2021-07-28
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.
2347 CVE-2009-1015 2009-07-14 2017-08-17
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.
2348 CVE-2009-1011 Overflow 2009-04-15 2014-01-14
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
2349 CVE-2009-1010 2009-04-15 2016-11-22
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
2350 CVE-2009-1009 2009-04-15 2016-11-18
4.4
None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
Total number of vulnerabilities : 2425   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 (This Page)48 49
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.