Every CVE whose affected-product data names Oracle Oracle10g, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2006-0271 — CVSS 10.0 (critical): Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has…
CVE-2006-0262 — CVSS 10.0 (critical): Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and…
CVE-2004-1371 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a…
CVE-2006-0272 — CVSS 9.0 (critical): Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack…
CVE-2004-1364 — CVSS 8.5 (high): Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the…
CVE-2004-1368 — CVSS 7.8 (high): ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file…
CVE-2006-0552 — CVSS 7.5 (high): Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has…
CVE-2004-1370 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to…
CVE-2006-0586 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands…
CVE-2005-1495 — CVSS 7.5 (high): Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes…
CVE-2004-1362 — CVSS 7.5 (high): The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform…
CVE-2005-3641 — CVSS 7.5 (high): Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a…
CVE-2005-4832 — CVSS 7.5 (high): SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with…
CVE-2004-1774 — CVSS 7.2 (high): Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows…
CVE-2006-6703 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via…
CVE-2007-3856 — CVSS 6.5 (medium): Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and…
CVE-2006-0269 — CVSS 5.5 (medium): Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and…
CVE-2004-1369 — CVSS 5.0 (medium): The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR…
CVE-2004-1366 — CVSS 4.6 (medium): Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could…
CVE-2005-1496 — CVSS 4.6 (medium): The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER…
CVE-2004-1365 — CVSS 4.6 (medium): Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute…
CVE-2004-1367 — CVSS 4.4 (medium): Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user…
CVE-2006-1705 — CVSS 2.1 (low): Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by…