CVE-2008-0349
https://notcve.org/view.php?id=CVE-2008-0349
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. Vulnerabilidad no especificada en el componente PeopleTools de Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.48.15 y 8.49.07 tiene impacto y vectores de ataque remotos desconocidos, también conocido como PSE02. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVE-2007-5897
https://notcve.org/view.php?id=CVE-2007-5897
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. Desbordamiento de búfer en MDSYS.SDO_CS de Oracle Database Server 8iR3, 9iR1, 9iR2 hasta 9.2.0.6, y 10gR1 hasta 10.1.0.4 permite a usuarios autenticados remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante la función TRANSFORM. NOTA: este asunto podría estar ya cubierto por CVE-2007-5515, CVE-2007-5509, o CVE-2007-5505, pero no hay suficientes detalles como para estar seguros. • http://osvdb.org/40081 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482918/100/100/threaded http://www.securityfocus.com/bid/26243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3244 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482424/100/0/threaded http://www.securityfocus.com/bid/26108 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007 • CWE-399: Resource Management Errors •
CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (caída) o leer memoria potencialmente sensible mediante un paquete GIOP connect con un tamaño de datos inválido, lo cual dispara un desbordamiento de lectura de búfer, también conocida como DB22. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3250 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482423/100/0/threaded http://www.securityfocus.com/bid/26103 http://www.securitytracker.com/id?1018823 http://www.us-cert. • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5513
https://notcve.org/view.php?id=CVE-2007-5513
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. El componente XML DB (XMLDB) de Oracle Database 9.2.0.8, 9.2.0.8DV, y 10.1.0.5 genera entradas de auditoría incorrectas en la columna USERID en la cual (1) nombres de usuario largo se recortan a 5 caracteres, o (2) entradas cortas contienen los caracteres extra de nombres de usuario en entradas previas, también conocida como DB23. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3247 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482426/100/0/threaded http://www.securityfocus.com/bid/26107 http://www.securitytracker.com/id?1018823 http://www.us- •