Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 10698 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3837 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
CVE-2010-3836 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
CVE-2010-3835 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
CVE-2010-3834 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
CVE-2010-3833 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 5.0 MEDIUM N/A
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
CVE-2010-3683 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
CVE-2010-3682 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
CVE-2010-3681 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
CVE-2010-3680 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
CVE-2010-3679 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
CVE-2010-3678 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
CVE-2010-3677 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
CVE-2010-3676 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 4.0 MEDIUM N/A
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
CVE-2010-3654 7 Adobe, Apple, Google and 4 more 9 Acrobat, Acrobat Reader, Flash Player and 6 more 2026-06-16 9.3 HIGH N/A
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
CVE-2010-3600 1 Oracle 2 Database Server, Enterprise Manager Grid Control 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
CVE-2010-3599 1 Oracle 1 Fusion Middleware 2026-06-16 9.4 HIGH N/A
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.
CVE-2010-3598 1 Oracle 1 Fusion Middleware 2026-06-16 7.1 HIGH N/A
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility.
CVE-2010-3597 1 Oracle 1 Fusion Middleware 2026-06-16 1.9 LOW N/A
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK.
CVE-2010-3596 1 Oracle 1 Secure Backup 2026-06-16 6.4 MEDIUM N/A
Unspecified vulnerability in the mod_ssl component in Oracle Secure Backup 10.3.0.2 allows remote attackers to affect integrity and availability via unknown vectors.
CVE-2010-3595 1 Oracle 1 Fusion Middleware 2026-06-16 7.8 HIGH N/A
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).