Every CVE whose affected-product data names Oracle Oracle8i, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2001-0499 — CVSS 10.0 (critical): Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges…
CVE-2006-0262 — CVSS 10.0 (critical): Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and…
CVE-2006-0271 — CVSS 10.0 (critical): Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has…
CVE-2003-0095 — CVSS 10.0 (critical): Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a…
CVE-2003-0222 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute…
CVE-2003-0096 — CVSS 9.0 (critical): Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code…
CVE-2004-1371 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a…
CVE-2004-1364 — CVSS 8.5 (high): Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the…
CVE-2004-0638 — CVSS 8.5 (high): Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and…
CVE-2004-1368 — CVSS 7.8 (high): ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file…
CVE-2006-0552 — CVSS 7.5 (high): Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has…
CVE-2001-0126 — CVSS 7.5 (high): Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another…
CVE-2001-0326 — CVSS 7.5 (high): Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read…
CVE-2002-0559 — CVSS 7.5 (high): Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or…
CVE-2002-0561 — CVSS 7.5 (high): The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null…
CVE-2002-0564 — CVSS 7.5 (high): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access…
CVE-2002-0567 — CVSS 7.5 (high): Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute…
CVE-2002-0843 — CVSS 7.5 (high): Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a…
CVE-2002-0857 — CVSS 7.5 (high): Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers…
CVE-2002-0858 — CVSS 7.5 (high): catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted…
CVE-2003-0634 — CVSS 7.5 (high): Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated…
CVE-2004-1362 — CVSS 7.5 (high): The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform…
CVE-2004-1370 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to…
CVE-2005-3641 — CVSS 7.5 (high): Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a…
CVE-2004-1707 — CVSS 7.2 (high): The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and…
CVE-2002-0840 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when…
CVE-2004-0637 — CVSS 6.5 (medium): Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload…
CVE-2000-0206 — CVSS 6.2 (medium): The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which…
CVE-2004-1369 — CVSS 5.0 (medium): The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR…
CVE-2002-1118 — CVSS 5.0 (medium): TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of…
CVE-2002-0563 — CVSS 5.0 (medium): The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without…
CVE-2001-0498 — CVSS 5.0 (medium): Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service…
CVE-2001-0517 — CVSS 5.0 (medium): Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a…
CVE-2001-0516 — CVSS 5.0 (medium): Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet…
CVE-2001-0515 — CVSS 5.0 (medium): Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large…
CVE-2002-0566 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP…
CVE-2002-0560 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL…
CVE-2000-0986 — CVSS 4.6 (medium): Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly…
CVE-1999-0711 — CVSS 4.6 (medium): The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
CVE-2000-1180 — CVSS 4.6 (medium): Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line…
CVE-2004-1365 — CVSS 4.6 (medium): Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute…
CVE-2004-1366 — CVSS 4.6 (medium): Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could…
CVE-2000-0987 — CVSS 4.6 (medium): Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
CVE-1999-0888 — CVSS 4.6 (medium): dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp…
CVE-2004-1367 — CVSS 4.4 (medium): Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user…
CVE-2002-0568 — CVSS 2.1 (low): Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information…