| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). |
| The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. |
| Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21. |
| SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. |
| Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console. |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors. |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console. |
| Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors. |
| Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. |
| The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file. |
| XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors. |
| The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. |
| Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, and CVE-2009-2676. |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors. |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV. |
| Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK. |
