| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
| Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors. |
| Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994. |
| Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors. |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log. |
| Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. |
| Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers. |
| Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. |
| Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function. |
| Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. |
| Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package. |
| Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. |
| Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983. |
| Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984. |
| imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows." |
