Filtered by vendor Oracle
Subscriptions
Total
10433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6303 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Rhel Application Stack | 2026-04-23 | N/A |
| MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. | ||||
| CVE-2007-2583 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2026-04-23 | N/A |
| The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | ||||
| CVE-2007-5970 | 1 Oracle | 1 Mysql | 2026-04-23 | N/A |
| MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | ||||
| CVE-2007-2109 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". | ||||
| CVE-2007-2111 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. | ||||
| CVE-2007-2127 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03). | ||||
| CVE-2007-2128 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08. | ||||
| CVE-2007-2129 | 1 Oracle | 1 Enterprise Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. | ||||
| CVE-2007-2130 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | ||||
| CVE-2007-2132 | 1 Oracle | 1 Peoplesoft Enterprise | 2026-04-23 | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | ||||
| CVE-2007-5897 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. | ||||
| CVE-2007-3856 | 1 Oracle | 2 Database Server, Oracle10g | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. | ||||
| CVE-2007-3865 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. | ||||
| CVE-2007-3867 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment. | ||||
| CVE-2008-7239 | 1 Oracle | 1 E-business Suite 11i | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04). | ||||
| CVE-2008-7237 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06. | ||||
| CVE-2008-7235 | 1 Oracle | 2 Application Server, E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. | ||||
| CVE-2007-1506 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | ||||
| CVE-2007-5554 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-0339 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. | ||||