CVE-2010-2419 – Oracle Database Java Stored Procedure Race Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2419
Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java Virtual Machine en Oracle Database Server v10.1.0.5, v10.2.0.4, v11.1.0.7, v11.2.0.1 y permite a usuarios remotos autenticados afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database. Authentication is required in that a user must be able to create a Java stored procedure to trigger the issue. The specific flaw exists within Oracle's custom SecurityManager implementation. Due to the implementation's dependence on a flag of a particular object to determine success or failure of a privileged call, a race condition exists which will allow one to execute Java code bypassing the sandbox. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html •
CVE-2010-0911
https://notcve.org/view.php?id=CVE-2010-0911
Unspecified vulnerability in the Listener component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Listener de Oracle Database Server v9.2.0.8, v9.2.0.8DV, v10.1.0.5, v10.2.0.4, v11.1.0.7, y v11.2.0.1, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVE-2010-0901
https://notcve.org/view.php?id=CVE-2010-0901
Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary. Vulnerabilidad no especificada en el componente Export en Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 y 11.2.0.1 permite a atacantes remotos autenticados comprometer la confidencialidad a través de vectores desconocidos relacionados con "Select Any Dictionary". • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVE-2010-0903
https://notcve.org/view.php?id=CVE-2010-0903
Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Foundation Layer en Oracle Database Server v9.2.0.8, v10.1.0.5, v10.2.0.4, v11.1.0.7, y v11.2.0.1, cuando se ejecutan en Windows, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVE-2010-0900
https://notcve.org/view.php?id=CVE-2010-0900
Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Network Layer en Oracle Database Server v9.2.0.8, v10.1.0.5, v10.2.0.4, v11.1.0.7, y v11.2.0.1, cuando se ejecuta en Windows, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •