Every CVE whose affected-product data names Oracle Oracle9i, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (52)
CVE-2003-1208 — CVSS 10.0 (critical): Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session…
CVE-2003-0095 — CVSS 10.0 (critical): Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a…
CVE-2006-0271 — CVSS 10.0 (critical): Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has…
CVE-2006-0262 — CVSS 10.0 (critical): Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and…
CVE-2004-1371 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a…
CVE-2003-0096 — CVSS 9.0 (critical): Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code…
CVE-2006-0272 — CVSS 9.0 (critical): Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack…
CVE-2003-0222 — CVSS 9.0 (critical): Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute…
CVE-2004-1364 — CVSS 8.5 (high): Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the…
CVE-2004-0638 — CVSS 8.5 (high): Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and…
CVE-2004-1368 — CVSS 7.8 (high): ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file…
CVE-2004-1370 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to…
CVE-2002-0559 — CVSS 7.5 (high): Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or…
CVE-2002-0561 — CVSS 7.5 (high): The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null…
CVE-2002-0564 — CVSS 7.5 (high): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access…
CVE-2002-0567 — CVSS 7.5 (high): Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute…
CVE-2002-0571 — CVSS 7.5 (high): Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
CVE-2002-0858 — CVSS 7.5 (high): catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted…
CVE-2002-0965 — CVSS 7.5 (high): Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute…
CVE-2002-1264 — CVSS 7.5 (high): Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a…
CVE-2003-0634 — CVSS 7.5 (high): Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated…
CVE-2003-1193 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components…
CVE-2004-1362 — CVSS 7.5 (high): The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform…
CVE-2005-1495 — CVSS 7.5 (high): Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes…
CVE-2005-3641 — CVSS 7.5 (high): Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a…
CVE-2006-0552 — CVSS 7.5 (high): Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has…
CVE-2004-1707 — CVSS 7.2 (high): The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and…
CVE-2006-6703 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via…
CVE-2002-0840 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when…
CVE-2004-1339 — CVSS 6.5 (medium): SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows…
CVE-2004-0637 — CVSS 6.5 (medium): Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload…
CVE-2004-1338 — CVSS 6.5 (medium): The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using…
CVE-2004-1369 — CVSS 5.0 (medium): The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR…
CVE-2001-0513 — CVSS 5.0 (medium): Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request…
CVE-2002-0560 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL…
CVE-2001-0518 — CVSS 5.0 (medium): Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented…
CVE-2002-0566 — CVSS 5.0 (medium): PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP…
CVE-2002-0565 — CVSS 5.0 (medium): Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote…
CVE-2001-0516 — CVSS 5.0 (medium): Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet…
CVE-2002-0563 — CVSS 5.0 (medium): The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without…
CVE-2002-0562 — CVSS 5.0 (medium): The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which…
CVE-2004-2244 — CVSS 5.0 (medium): The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and…
CVE-2002-1118 — CVSS 5.0 (medium): TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of…
CVE-2002-0856 — CVSS 5.0 (medium): SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug…
CVE-2002-0509 — CVSS 5.0 (medium): Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption)…
CVE-2004-1365 — CVSS 4.6 (medium): Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute…
CVE-2004-1366 — CVSS 4.6 (medium): Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could…
CVE-2003-0894 — CVSS 4.6 (medium): Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to…
CVE-2004-1367 — CVSS 4.4 (medium): Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user…
CVE-2005-3204 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query…
CVE-2002-0568 — CVSS 2.1 (low): Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information…
CVE-2006-1705 — CVSS 2.1 (low): Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by…