CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3244 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482424/100/0/threaded http://www.securityfocus.com/bid/26108 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007&#x • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2007-5520
https://notcve.org/view.php?id=CVE-2007-5520
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05. Vulnerabilidad no especificada en el componente Oracle Internet Directory en la base de datos Oracle 9.2.0.8 y 9.2.0.8DV, y Oracle Application Server 9.0.4.3, 10.1.3.0.0 hasta 10.1.3.3.0, y 10.1.2.0.1 hasta 10.1.2.2.0, tiene impacto desconocido y vectores de ataque, también conocido como AS05. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5509
https://notcve.org/view.php?id=CVE-2007-5509
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. noesp Vulnerabilidad no especificada en en el componente Spatial de Oracle Database 9.2.0.8 y 9.2.0.8DV tiene impacto y vectores de ataque remotos desconocidos, también conocida como DB06. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626 •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (caída) o leer memoria potencialmente sensible mediante un paquete GIOP connect con un tamaño de datos inválido, lo cual dispara un desbordamiento de lectura de búfer, también conocida como DB22. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3250 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482423/100/0/threaded http://www.securityfocus.com/bid/26103 http://www.securitytracker.com/id?1018823 http://www.us-cert. • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2007-5513
https://notcve.org/view.php?id=CVE-2007-5513
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. El componente XML DB (XMLDB) de Oracle Database 9.2.0.8, 9.2.0.8DV, y 10.1.0.5 genera entradas de auditoría incorrectas en la columna USERID en la cual (1) nombres de usuario largo se recortan a 5 caracteres, o (2) entradas cortas contienen los caracteres extra de nombres de usuario en entradas previas, también conocida como DB23. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3247 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482426/100/0/threaded http://www.securityfocus.com/bid/26107 http://www.securitytracker.com/id?1018823 http://www.us- •