Page 17 of 124 results (0.016 seconds)

CVSS: 9.0EPSS: 55%CPEs: 4EXPL: 0

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tienen impacto y vectores de ataque remotos autenticados desconocidos relacionados con (1) mdsys.sdo_3gl, también conocido como Vuln# DB20, y (2) mdsys.sdo_cs, también conocido como DB21. NOTA: a fecha de 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB20 es un desbordamiento de búfer en GEOM_OPERATION, y DB21 está relacionado con un desbordamiento de búfer e inyección de SQL en TRANSFORM_LAYER. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •

CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0

Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB22. NOTA: a fecha de 23/10/2006, Oracle no ha impugnado los informes de una tercera parte fiable de que DB22 está relacionado con la "comprobación de longitud" en la función RELATE anterior a que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •

CVSS: 9.0EPSS: 1%CPEs: 3EXPL: 0

Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. Múltiples vulnerabilidades no especificadas en el componente Change Data Capture (CDC) en Oracle Database 9.2.0.7, 10.1.0.5, tienen impacto y vectores de ataque remotos autenticados desconocidos relacionados con (1) sys.dbms_cdc_ipublish (Vuln# DB05) y (2) sys.dbms_cdc_isubscribe (DB06). NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB05 es una inyección SQL en CREATE_CHANGE_TABLE y CHANGE_TABLE_TRIGGER, y DB06 es una inyección PL/SQL en el procedimiento PREPARE_UNBOUNDED_VIEW. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/446100 http://www.kb.cert.org/vuls/id/716964 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/ •

CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •

CVSS: 7.1EPSS: 75%CPEs: 5EXPL: 0

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto relacionado con (1) mdsys.sdo_lrs, también conocida como Vuln# DB13 y (2) Vuln# DB17. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB13 está relacionado con eludir la validación de entrada para inyección SQL relacionada con convert_to_lrs_layer y dbms_assert y DB17 está relacionado con inyección SQL en el disparador en el paquete SDO_DROP_USER. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/869292 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www. •