Oracle Database Server — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Database Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2006-1867 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component…
CVE-2006-1869 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component…
CVE-2009-1979 — CVSS 10.0 (critical): Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to…
CVE-2009-1985 — CVSS 10.0 (critical): Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows…
CVE-2006-0270 — CVSS 10.0 (critical): Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified…
CVE-2006-0271 — CVSS 10.0 (critical): Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has…
CVE-2006-0282 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2…
CVE-2006-0283 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version…
CVE-2006-0285 — CVSS 10.0 (critical): Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and…
CVE-2006-0286 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and…
CVE-2006-0287 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has…
CVE-2006-0290 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2…
CVE-2006-0291 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite…
CVE-2006-3705 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for…
CVE-2006-3704 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln#…
CVE-2006-3702 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack…
CVE-2008-0348 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18…
CVE-2006-3700 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1)…
CVE-2006-1875 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle…
CVE-2008-0347 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and…
CVE-2006-3698 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for…
CVE-2006-1884 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has…
CVE-2008-0346 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has…
CVE-2008-0345 — CVSS 10.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
CVE-2008-0344 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack…
CVE-2008-0343 — CVSS 10.0 (critical): Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown…
CVE-2003-0095 — CVSS 10.0 (critical): Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a…
CVE-2013-1534 — CVSS 10.0 (critical): Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC…
CVE-2008-1818 — CVSS 10.0 (critical): Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka…
CVE-2008-0342 — CVSS 10.0 (critical): Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and…
CVE-2008-0341 — CVSS 10.0 (critical): Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote…
CVE-2008-0340 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and…
CVE-2010-0071 — CVSS 10.0 (critical): Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote…
CVE-2008-0339 — CVSS 10.0 (critical): Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and…
CVE-2007-5531 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager…
CVE-2020-1953 — CVSS 10.0 (critical): Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the…
CVE-2007-5530 — CVSS 10.0 (critical): Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown…
CVE-2015-4863 — CVSS 10.0 (critical): Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote…
CVE-2005-3437 — CVSS 10.0 (critical): Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka…
CVE-2005-3438 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln#…
CVE-2005-3440 — CVSS 10.0 (critical): Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka…
CVE-2005-3443 — CVSS 10.0 (critical): Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors…
CVE-2005-3444 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and…
CVE-2005-3445 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to…
CVE-2005-3446 — CVSS 10.0 (critical): Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0…
CVE-2006-0256 — CVSS 10.0 (critical): Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified…
CVE-2006-0257 — CVSS 10.0 (critical): Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified…
CVE-2006-0258 — CVSS 10.0 (critical): Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and…
CVE-2006-0259 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle…
CVE-2006-0260 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as…
CVE-2006-0261 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack…
CVE-2006-0262 — CVSS 10.0 (critical): Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and…
CVE-2006-0263 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have…
CVE-2006-0265 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact…
CVE-2009-1992 — CVSS 10.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect…
CVE-2008-0349 — CVSS 10.0 (critical): Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has…
CVE-2018-3110 — CVSS 9.9 (critical): A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4…
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2018-14719 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-3259 — CVSS 9.8 (critical): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and…
CVE-2004-1363 — CVSS 9.8 (critical): Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name…
CVE-2016-9841 — CVSS 9.8 (critical): inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2019-16942 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2006-1866 — CVSS 9.7 (critical): Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact…
CVE-2016-5555 — CVSS 9.1 (critical): Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect…
CVE-2017-10282 — CVSS 9.1 (critical): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily…
CVE-2019-2517 — CVSS 9.1 (critical): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily…
CVE-2014-6567 — CVSS 9.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2009-3415 — CVSS 9.0 (critical): Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote…
CVE-2009-1020 — CVSS 9.0 (critical): Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7…
CVE-2003-0096 — CVSS 9.0 (critical): Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code…
CVE-2003-0222 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute…
CVE-2004-1371 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a…
CVE-2006-0266 — CVSS 9.0 (critical): Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact…
CVE-2006-0267 — CVSS 9.0 (critical): Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack…
CVE-2006-0268 — CVSS 9.0 (critical): Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified…
CVE-2006-1870 — CVSS 9.0 (critical): Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors…
CVE-2006-1873 — CVSS 9.0 (critical): Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle…
CVE-2006-1876 — CVSS 9.0 (critical): Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial…
CVE-2006-3699 — CVSS 9.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka…
CVE-2006-3701 — CVSS 9.0 (critical): Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack…
CVE-2006-3703 — CVSS 9.0 (critical): Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka…
CVE-2006-5332 — CVSS 9.0 (critical): Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote…
CVE-2006-5335 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors…
CVE-2006-5336 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown…
CVE-2006-5337 — CVSS 9.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and…
CVE-2006-5338 — CVSS 9.0 (critical): Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack…
CVE-2006-5339 — CVSS 9.0 (critical): Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and…
CVE-2006-5341 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote…
CVE-2006-5343 — CVSS 9.0 (critical): Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack…
CVE-2006-5344 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown…
CVE-2006-5345 — CVSS 9.0 (critical): Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote…
CVE-2026-46833 — CVSS 9.0 (critical): Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to…
CVE-2007-2114 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors…
CVE-2007-2116 — CVSS 9.0 (critical): Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and…
CVE-2007-2130 — CVSS 9.0 (critical): Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server…
CVE-2016-0499 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated…
CVE-2015-4796 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows…
CVE-2015-4794 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated…
CVE-2015-2629 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2015-0457 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6560 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6546 — CVSS 9.0 (critical): Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6545 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6467 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6455 — CVSS 9.0 (critical): Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2014-6453 — CVSS 9.0 (critical): Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows…
CVE-2008-1817 — CVSS 9.0 (critical): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown…
CVE-2008-1821 — CVSS 9.0 (critical): Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote…
CVE-2013-3751 — CVSS 9.0 (critical): Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote…
CVE-2012-3220 — CVSS 9.0 (critical): Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3…
CVE-2012-0552 — CVSS 9.0 (critical): Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and…
CVE-2016-9840 — CVSS 8.8 (high): inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9842 — CVSS 8.8 (high): The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors…
CVE-2025-30751 — CVSS 8.8 (high): Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8…
CVE-2007-5897 — CVSS 8.5 (high): Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote…
CVE-2018-2841 — CVSS 8.5 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1…
CVE-2014-2406 — CVSS 8.5 (high): Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote…
CVE-2011-2301 — CVSS 8.5 (high): Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote…
CVE-2007-0272 — CVSS 8.5 (high): Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause…
CVE-2018-2939 — CVSS 8.4 (high): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2018-2680 — CVSS 8.3 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1…
CVE-2019-2516 — CVSS 8.2 (high): Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2…
CVE-2020-2968 — CVSS 8.0 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2020-2735 — CVSS 8.0 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2007-5506 — CVSS 7.8 (high): The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial…
CVE-2010-0903 — CVSS 7.8 (high): Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and…
CVE-2010-0911 — CVSS 7.8 (high): Unspecified vulnerability in the Listener component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and…
CVE-2020-2511 — CVSS 7.7 (high): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and…
CVE-2013-3774 — CVSS 7.6 (high): Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and…
CVE-2019-2776 — CVSS 7.6 (high): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and…
CVE-2005-3641 — CVSS 7.5 (high): Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a…
CVE-2019-2518 — CVSS 7.5 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2007-2113 — CVSS 7.5 (high): SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote…
CVE-2009-1019 — CVSS 7.5 (high): Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7…
CVE-2007-2118 — CVSS 7.5 (high): Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors…
CVE-2016-2381 — CVSS 7.5 (high): Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment…
CVE-2010-3600 — CVSS 7.5 (high): Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager…
CVE-2005-1197 — CVSS 7.5 (high): SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote…
CVE-2010-2390 — CVSS 7.5 (high): Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion…
CVE-2007-3858 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1)…
CVE-2007-3859 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3…
CVE-2010-0853 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion…
CVE-2007-5505 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote…
CVE-2012-1675 — CVSS 7.5 (high): The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in…
CVE-2007-5512 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote…
CVE-2007-5520 — CVSS 7.5 (high): Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application…
CVE-2019-2799 — CVSS 7.5 (high): Vulnerability in the Oracle ODBC Driver component of Oracle Database Server<span class=font-red><b> ***PRIVILEGE CANNOT BE NONE FOR…
CVE-2005-0297 — CVSS 7.5 (high): SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.
CVE-2023-21893 — CVSS 7.5 (high): Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and…
CVE-2006-1874 — CVSS 7.5 (high): Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle…
CVE-2020-2510 — CVSS 7.5 (high): Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2006-1872 — CVSS 7.5 (high): Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise…
CVE-2006-1868 — CVSS 7.5 (high): Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code…
CVE-2006-0552 — CVSS 7.5 (high): Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has…
CVE-2020-2518 — CVSS 7.5 (high): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1…
CVE-2002-0857 — CVSS 7.5 (high): Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers…
CVE-2002-0843 — CVSS 7.5 (high): Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a…
CVE-2026-46835 — CVSS 7.5 (high): Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily…
CVE-2002-0567 — CVSS 7.5 (high): Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute…
CVE-2009-1963 — CVSS 7.5 (high): Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect…
CVE-2006-0551 — CVSS 7.5 (high): SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to…
CVE-2006-0549 — CVSS 7.5 (high): SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote…
CVE-2006-0548 — CVSS 7.5 (high): SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote…
CVE-2006-0547 — CVSS 7.5 (high): Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and…
CVE-2026-46834 — CVSS 7.5 (high): Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily…
CVE-2008-1819 — CVSS 7.2 (high): Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and…
CVE-2002-1767 — CVSS 7.2 (high): Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via…
CVE-2013-3771 — CVSS 7.2 (high): Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3…
CVE-2001-0943 — CVSS 7.2 (high): dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2)…
CVE-2013-3760 — CVSS 7.2 (high): Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3…
CVE-2006-1877 — CVSS 7.2 (high): Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle…
CVE-2015-4873 — CVSS 7.2 (high): Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users…
CVE-2007-1442 — CVSS 7.2 (high): Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control…
CVE-2001-0833 — CVSS 7.2 (high): Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment…
CVE-2024-21184 — CVSS 7.2 (high): Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are…
CVE-2006-5333 — CVSS 7.1 (high): Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack…
CVE-2010-0860 — CVSS 7.1 (high): Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote…
CVE-2006-5334 — CVSS 7.1 (high): Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote…
CVE-2011-2253 — CVSS 7.1 (high): Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and…
CVE-2011-2239 — CVSS 7.1 (high): Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and…
CVE-2012-0519 — CVSS 7.1 (high): Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote…
CVE-2006-5340 — CVSS 7.1 (high): Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have…
CVE-2006-5342 — CVSS 7.1 (high): Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote…
CVE-2007-5554 — CVSS 7.1 (high): Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of…
CVE-2026-21939 — CVSS 7.0 (high): Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to…
CVE-2010-4423 — CVSS 6.9 (medium): Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1…
CVE-2007-2119 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as…
CVE-2002-0840 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when…
CVE-2005-4884 — CVSS 6.8 (medium): Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to…
CVE-2007-0276 — CVSS 6.8 (medium): Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced…
CVE-2007-0277 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and…
CVE-2007-0278 — CVSS 6.8 (medium): Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors…
CVE-2007-2108 — CVSS 6.8 (medium): Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote…
CVE-2007-2115 — CVSS 6.8 (medium): Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact…
CVE-2007-2117 — CVSS 6.8 (medium): Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka…
CVE-2007-6260 — CVSS 6.8 (medium): The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access…
CVE-2010-1321 — CVSS 6.8 (medium): The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before…
CVE-2010-4421 — CVSS 6.8 (medium): Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1…