Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0837 | 4 Debian, Mysql, Oracle and 1 more | 5 Debian Linux, Mysql, Mysql and 2 more | 2025-04-03 | N/A |
| MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | ||||
| CVE-2000-0206 | 1 Oracle | 1 Oracle8i | 2025-04-03 | N/A |
| The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. | ||||
| CVE-2006-0273 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01. | ||||
| CVE-1999-1188 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. | ||||
| CVE-2006-0274 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03. | ||||
| CVE-2006-1866 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package. | ||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2025-04-03 | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | ||||
| CVE-2006-0423 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | N/A |
| BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | ||||
| CVE-2006-0425 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | N/A |
| BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. | ||||
| CVE-2006-0428 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. | ||||
| CVE-2006-3701 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. | ||||
| CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2025-04-03 | N/A |
| Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. | ||||
| CVE-2006-1874 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions. | ||||
| CVE-2006-3705 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. | ||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2025-04-03 | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | ||||
| CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2025-04-03 | N/A |
| Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | ||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | ||||
| CVE-2006-3699 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. | ||||
| CVE-2005-1747 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. | ||||
| CVE-2006-1516 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-03 | N/A |
| The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||||