CVSS: 10.0EPSS: 95%CPEs: 2EXPL: 2CVE-2009-1979 – Oracle 10gR2 - TNS Listener AUTH_SESSKEY Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1979
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. Vulnerabilidad no especificada en el componente Network Authentication en Oracle Database v10.1.0.5 y v10.2.0.4 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores no conocidos. • https://www.exploit-db.com/exploits/16342 https://www.exploit-db.com/exploits/9905 http://blogs.conus.info/node/28 http://osvdb.org/59110 http://secunia.com/advisories/37027 http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html http://www.securityfocus.com/archive/1/507598/100/0/threaded http://www.securityfocus.com/bid/36747 http://www.securitytracker.com/id?1023057 http://www.us-cert.gov/cas/techalerts/TA09-294A.html •
CVSS: 3.6EPSS: 17%CPEs: 4EXPL: 0CVE-2009-1991
https://notcve.org/view.php?id=CVE-2009-1991
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to CTXSYS.DRVXTABC. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an established researcher that this is for multiple SQL injection vulnerabilities via the (1) idx_owner or (2) idx_name parameters to the create_tables procedure. Vulnerabilidad no especificada en el componente Oracle Text en Oracle Database v9.2.0.8, v9.2.0.8DV, v10.1.0.5, y v10.2.0.4 permite a los usuarios remotos autenticados comprometer la confidencialidad e integridad, relativo a CTXSYS.DRVXTABC. • http://osvdb.org/59113 http://secunia.com/advisories/37027 http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html http://www.securityfocus.com/bid/36748 http://www.securitytracker.com/id?1023057 http://www.us-cert.gov/cas/techalerts/TA09-294A.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0987
https://notcve.org/view.php?id=CVE-2009-0987
Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad inespecífica en el componente Upgrade en Oracle Database v9.2.0.8, v9.2.0.8DV, v10.1.0.5, y v10.2.0.3 permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos. • http://osvdb.org/55889 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35679 http://www.securitytracker.com/id?1022560 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51746 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1015
https://notcve.org/view.php?id=CVE-2009-1015
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors. Vulnerabilidad inespecífica en el componente Core RDBMS en Oracle Database v9.2.0.8, v9.2.0.8DV, v10.1.05, y v10.2.04 permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos. • http://osvdb.org/55893 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35682 http://www.securitytracker.com/id?1022560 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51747 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-1973
https://notcve.org/view.php?id=CVE-2009-1973
Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies. Vulnerabilidad no especificada en el componente Virtual Private Database en Oracle Database v10.1.0.5, v10.2.0.4, y v11.1.0.7 permite a los usuario remotos autenticados afectar la confidencialidad y integridad en relación a las políticas VPD. • http://osvdb.org/55890 http://secunia.com/advisories/35776 http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/35687 http://www.securitytracker.com/id?1022560 http://www.vupen.com/english/advisories/2009/1900 https://exchange.xforce.ibmcloud.com/vulnerabilities/51757 •