Software Detail

Software Informaton Top

Database

Software Detail

Oracle Database

Number Of NVD

492

CRITICAL

HIGH

171

MEDIUM

245

LOW

URL	https://www.oracle.com/database/
Explanation	It is a commercial relational database management system (RDBMS) developed and marketed by Oracle (USA). It was the first commercial database released in 1979. It has users all over the world and has all the necessary functions for a relational database management system (RDBMS). There are three support stages for Oracle enterprise Database. Premier Support (standard support for five years from the time of product shipment) Extended Support (3 years of extended support from the end of Premier Support) Extended Support (3 years of extended support after Premier Support expires) ・Sustaining Support (support received for continued use of the product) From Oracle Database 18c onwards, the "annual release" model has been adopted. Updates and Revisions are released in January, April, July, and October. In the case of version "18.0.1", 18 is the version, 0 is the update, and 1 is the revision.
Tag	商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://www.oracle.com/technetwork/jp/database/enterprise-edition/downloads/index.html
2			https://support.oracle.com/knowledge/Oracle%20Database%20Products/2413744_1.html
3			https://support.oracle.com/knowledge/Oracle%20Cloud/2413744_1.html
4			https://www.oracle.com/jp/support/lifetime-support/
5			https://www.oracle.com/jp/database/technologies/oracle-database-software-downloads.html
6			http://otndnld.oracle.co.jp/ondemand/technight/19-1_CoreInstUpgr_DL_final.pdf

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Extended for a fee	Critical	High	Medium	Low
381	Oracle Database 19c	19.5		March 31, 2023		March 31, 2026	3	9	21	10
382	Oracle Database 12c Release 2	12.2.0.1		Nov. 20, 2020			8	13	24	12
383	Oracle Database 18c	18.0.0.0	June 15, 2018	Feb. 1, 2018			9	14	23	10
384	Oracle Database 12c Release 1	12.1.0.2		July 1, 2013	Aug. 31, 2016		6	28	72	23
385	Oracle Database 11g Release 2	11.2.0.4		Sept. 1, 2009	Jan. 31, 2015	Dec. 31, 2020	5	40	110	27
386	Oracle Database 11g Release 1	11.1.0.7		Sept. 1, 2007	Aug. 31, 2012	Aug. 31, 2015	0	37	114	23
387	Oracle Database 9.0c	9.0.4					1	47	18	3
388	Oracle Database 8.0c	8.0.6.3					0	10	2	2
389	Oracle Database 7.0c	7.0.64					0	3	0	1
390	Oracle Database 5.1c	5.1					0	2	1	1
391	Oracle Database 4.0c	4.0.8					0	2	5	2
392	Oracle Database 21.3c	21.3					0	0	6	5
393	Oracle Database 10.1c	10.1.0.5					1	83	75	16
394	Oracle Database 1.0c	1.0.2.2					0	2	3	2

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
381	- 7.2	HIGH	Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.	NVD-CWE-Other	CVE-2007-1442	cpe:2.3:a:oracle:database_server:10.2.3:* cpe:2.3:a:oracle:database_server:10.2.3:* cpe:2.3:a:oracle:database_ser…	2026-04-23 09:35 2007-03-14	Show	GitHub Exploit DB Packet Storm

382	- 6.0	MEDIUM	Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE:…	NVD-CWE-Other	CVE-2006-7067	cpe:2.3:a:oracle:database_server:10.2.1:r2	2026-04-23 09:35 2007-03-3	Show	GitHub Exploit DB Packet Storm

383	- 6.5	MEDIUM	Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq …	NVD-CWE-noinfo	CVE-2007-0268	cpe:2.3:a:oracle:database_server:9.2.0.7:* cpe:2.3:a:oracle:database_server:9.0.1.5:* cpe:2.3:a:oracle:database_s…	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

384	- 5.5	MEDIUM	Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.	NVD-CWE-Other	CVE-2007-0269	cpe:2.3:a:oracle:database_server:9.2.0.8:* cpe:2.3:a:oracle:database_server:10.2.0.3:* cpe:2.3:a:oracle:database_…	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

385	- 6.5	MEDIUM	Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2007-0270	cpe:2.3:a:oracle:database_server:9.2.0.7:* cpe:2.3:a:oracle:database_server:10.1.0.4:*	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

386	- 6.5	MEDIUM	Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has …	NVD-CWE-noinfo	CVE-2007-0271	cpe:2.3:a:oracle:database_server:9.2.0.7:* cpe:2.3:a:oracle:database_server:9.0.1.5:*	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

387	- 8.5	HIGH	Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via u…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2007-0272	cpe:2.3:a:oracle:database_server:9.2.0.7:* cpe:2.3:a:oracle:database_server:9.0.1.5:* cpe:2.3:a:oracle:database_s…	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

388	- 4.3	MEDIUM	Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed …	NVD-CWE-noinfo	CVE-2007-0273	cpe:2.3:a:oracle:database_server:9.2.0.8:* cpe:2.3:a:oracle:database_server:9.0.1.5:* cpe:2.3:a:oracle:database_s…	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

389	- 6.5	MEDIUM	Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and s…	NVD-CWE-noinfo	CVE-2007-0274	cpe:2.3:a:oracle:database_server:9.2.0.7:* cpe:2.3:a:oracle:database_server:10.1.0.5:*	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm

390	- 3.5	LOW	Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server …	CWE-79 Cross-site Scripting	CVE-2007-0275	cpe:2.3:a:oracle:database_server:9.2.0.8:* cpe:2.3:a:oracle:database_server:10.2.0.3:* cpe:2.3:a:oracle:database_…	2026-04-23 09:35 2007-01-17	Show	GitHub Exploit DB Packet Storm