CVSS: 8.5EPSS: 0%CPEs: 10EXPL: 0CVE-2007-5897
https://notcve.org/view.php?id=CVE-2007-5897
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. Desbordamiento de búfer en MDSYS.SDO_CS de Oracle Database Server 8iR3, 9iR1, 9iR2 hasta 9.2.0.6, y 10gR1 hasta 10.1.0.4 permite a usuarios autenticados remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante la función TRANSFORM. NOTA: este asunto podría estar ya cubierto por CVE-2007-5515, CVE-2007-5509, o CVE-2007-5505, pero no hay suficientes detalles como para estar seguros. • http://osvdb.org/40081 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482918/100/100/threaded http://www.securityfocus.com/bid/26243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3244 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482424/100/0/threaded http://www.securityfocus.com/bid/26108 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007&#x • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (caída) o leer memoria potencialmente sensible mediante un paquete GIOP connect con un tamaño de datos inválido, lo cual dispara un desbordamiento de lectura de búfer, también conocida como DB22. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3250 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482423/100/0/threaded http://www.securityfocus.com/bid/26103 http://www.securitytracker.com/id?1018823 http://www.us-cert. • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2007-5513
https://notcve.org/view.php?id=CVE-2007-5513
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. El componente XML DB (XMLDB) de Oracle Database 9.2.0.8, 9.2.0.8DV, y 10.1.0.5 genera entradas de auditoría incorrectas en la columna USERID en la cual (1) nombres de usuario largo se recortan a 5 caracteres, o (2) entradas cortas contienen los caracteres extra de nombres de usuario en entradas previas, también conocida como DB23. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3247 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482426/100/0/threaded http://www.securityfocus.com/bid/26107 http://www.securitytracker.com/id?1018823 http://www.us- •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5505
https://notcve.org/view.php?id=CVE-2007-5505
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). Múltiples vulnerabilidades sin especificar en las Bases de Datos de Oracle 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3 tienen un impacto desconocido y vectores de ataque remotos, relacionado con (1) los componentes Export (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) componente Spatial (DB07) y (5) Advanced Security Option (DB19). • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •