Oracle : Security Vulnerabilities, CVEs, Published In May 2007

CVE-2007-2703

BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
Max CVSS
3.6
EPSS Score
0.14%
Published
2007-05-16
Updated
2018-10-30

CVE-2007-2702

Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
Max CVSS
3.5
EPSS Score
0.12%
Published
2007-05-16
Updated
2018-10-30

CVE-2007-2693

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
Max CVSS
3.5
EPSS Score
0.27%
Published
2007-05-16
Updated
2019-12-17

CVE-2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
Max CVSS
6.0
EPSS Score
1.45%
Published
2007-05-16
Updated
2019-12-17

CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
Max CVSS
4.0
EPSS Score
0.28%
Published
2007-05-10
Updated
2021-11-08
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close