Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-3699

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Jul, 2006 | 10:00
Updated At-07 Aug, 2024 | 18:39
Rejected At-
Credits

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Jul, 2006 | 10:00
Updated At:07 Aug, 2024 | 18:39
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1016529
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/19054
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
vdb-entry
x_refsource_XF
http://secunia.com/advisories/21165
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/440758/100/100/threaded
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2006/2947
vdb-entry
x_refsource_VUPEN
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/440758/100/100/threaded
vendor-advisory
x_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA06-200A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/21111
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/2863
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1016529
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/19054
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/21165
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2006/2947
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-200A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/21111
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2006/2863
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1016529
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/19054
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/21165
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/440758/100/100/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2006/2947
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/440758/100/100/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.us-cert.gov/cas/techalerts/TA06-200A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/21111
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2006/2863
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1016529
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/19054
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/21165
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/2947
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-200A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/21111
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/2863
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Jul, 2006 | 14:03
Updated At:03 Apr, 2025 | 01:03

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Oracle Corporation
oracle
>>database_server>>9.0.1.5
cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>9.2.0.6
cpe:2.3:a:oracle:database_server:9.2.0.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/21111cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21165cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1016529cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.htmlcve@mitre.org
N/A
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/440758/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/440758/100/100/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/19054cve@mitre.org
Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2006/2863cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/2947cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897cve@mitre.org
N/A
http://secunia.com/advisories/21111af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21165af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1016529af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.red-database-security.com/advisory/oracle_cpu_july_2006.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/440758/100/100/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/440758/100/100/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/19054af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.us-cert.gov/cas/techalerts/TA06-200A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/2863af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/2947af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27897af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/21111
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21165
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016529
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19054
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-200A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/2863
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/2947
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21165
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016529
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/440758/100/100/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19054
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-200A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/2863
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/2947
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27897
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

87Records found
CVE-2014-6453
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.56% / 67.43%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 15:15
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2014-6545
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.56% / 67.43%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-3701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-2.48% / 84.70%
||
7 Day CHG~0.00%
Published-19 Jul, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2014-6560
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.56% / 67.43%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2014-4259
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.53% / 66.39%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle_and_sun_systems_product_suiten/a
CVE-2006-1873
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-2.18% / 83.69%
||
7 Day CHG~0.00%
Published-20 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-1876
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.69% / 81.51%
||
7 Day CHG~0.00%
Published-20 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-1870
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.38% / 86.88%
||
7 Day CHG~0.00%
Published-20 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the same issue as CVE-2006-2081.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2020-14883
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.2||HIGH
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CVE-2006-0267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-0266
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-0272
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-39.74% / 97.21%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9ioracle10gn/a
CVE-2020-14862
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-26 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-universal_work_queueUniversal Work Queue
CVE-2020-13936
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-10.63% / 93.00%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 08:00
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Velocity Sandbox Bypass

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationThe Apache Software Foundation
Product-utilities_testing_acceleratorcommunications_network_integrityretail_service_backboneretail_xstore_office_cloud_serviceretail_integration_busvelocity_enginebanking_platformcommunications_cloud_native_core_policyhospitality_token_proxy_servicebanking_party_managementbanking_deposits_and_lines_of_credit_servicingbanking_loans_servicingdebian_linuxbanking_enterprise_default_managementretail_order_brokerwss4jApache Velocity Engine
CVE-2006-5335
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-4.75% / 89.02%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12).

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2003-0150
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-12.81% / 93.77%
||
7 Day CHG~0.00%
Published-21 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2019-4728
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-18.36% / 94.98%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2003-0780
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-70.05% / 98.61%
||
7 Day CHG~0.00%
Published-12 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Action-Not Available
Vendor-conectivamysqln/aOracle Corporation
Product-mysqllinuxn/a
CVE-2004-1371
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-32.44% / 96.70%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_database_controloracle8ioracle10genterprise_managere-business_suitecollaboration_suiteapplication_serverenterprise_manager_grid_controloracle9in/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0096
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-46.32% / 97.57%
||
7 Day CHG~0.00%
Published-21 Feb, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9idatabase_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-12.51% / 93.68%
||
7 Day CHG~0.00%
Published-30 Apr, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9idatabase_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-23307
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 15:25
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Action-Not Available
Vendor-qosThe Apache Software FoundationOracle Corporation
Product-tuxedoe-business_suite_cloud_manager_and_cloud_backup_modulereload4jcommunications_messaging_servercommunications_offline_mediation_controllercommunications_network_integrityidentity_manager_connectorbusiness_intelligencecommunications_instant_messaging_serveridentity_management_suitefinancial_services_revenue_management_and_billing_analyticscommunications_eagle_ftp_table_base_retrievalweblogic_serverhealthcare_foundationhyperion_data_relationship_managementmiddleware_common_libraries_and_toolsmysql_enterprise_monitorjdeveloperlog4jadvanced_supply_chain_planningretail_extract_transform_and_loadcommunications_unified_inventory_managementhyperion_infrastructure_technologyenterprise_manager_base_platformchainsawbusiness_process_management_suiteApache Log4j 1.x
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-5474
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-2.43% / 84.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.

Action-Not Available
Vendor-n/aOracle Corporation
Product-retail_service_backbonen/a
CVE-2016-5457
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN.

Action-Not Available
Vendor-n/aOracle Corporation
Product-integrated_lights_out_manager_firmwaren/a
CVE-2016-3505
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2016-3554
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.8||HIGH
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-08 May, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.

Action-Not Available
Vendor-n/aOracle Corporation
Product-agile_product_lifecycle_managementn/a
CVE-2012-3220
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.61% / 68.84%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2012-3163
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-1.02% / 76.36%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

Action-Not Available
Vendor-n/aCanonical Ltd.F5, Inc.Red Hat, Inc.Oracle CorporationMariaDB FoundationDebian GNU/Linux
Product-big-ip_analyticsenterprise_linux_eusbig-ip_global_traffic_managerenterprise_linux_workstationbig-ip_webacceleratormariadbbig-ip_link_controllerbig-ip_wan_optimization_managerbig-ip_access_policy_managerbig-ip_policy_enforcement_managermysqlbig-ip_advanced_firewall_managerbig-ip_protocol_security_moduleenterprise_linux_desktopubuntu_linuxbig-ip_application_security_managerenterprise_linux_serverbig-ip_local_traffic_managerbig-ip_enterprise_managerdebian_linuxbig-ip_edge_gatewayn/a
CVE-2012-0552
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2012-0208
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 17:18
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2010-3582
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.37% / 57.85%
||
7 Day CHG~0.00%
Published-14 Oct, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.

Action-Not Available
Vendor-n/aOracle Corporation
Product-vmn/a
CVE-2010-3583
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-1.21% / 78.16%
||
7 Day CHG~0.00%
Published-14 Oct, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of multiple unspecified functions through XML-RPC that allow execution of arbitrary OS commands.

Action-Not Available
Vendor-n/aOracle Corporation
Product-vmn/a
CVE-2010-3585
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-63.70% / 98.35%
||
7 Day CHG-2.26%
Published-14 Oct, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.

Action-Not Available
Vendor-n/aOracle Corporation
Product-vmn/a
CVE-2013-3751
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-4.88% / 89.17%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2010-0906
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-0.57% / 67.80%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2009-1978
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9||HIGH
EPSS-85.08% / 99.30%
||
7 Day CHG~0.00%
Published-14 Jul, 2009 | 23:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2020-5245
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-4.86% / 89.14%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 17:35
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) vulnerability in dropwizard-validation

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2.

Action-Not Available
Vendor-dropwizarddropwizardOracle Corporation
Product-dropwizard_validationblockchain_platformdropwizard-validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found