CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3438
https://notcve.org/view.php?id=CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038061.html http://secunia.com/advisories/17250 http://www.kb.cert.org/vuls/id/210524 http://www.kb.cert.org/vuls/id/449444 http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html http://www.securityfocus.com/bid/15134 http://www.us-cert.gov/cas/techalerts/TA05-292A.html •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0298
https://notcve.org/view.php?id=CVE-2005-0298
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. • http://marc.info/?l=bugtraq&m=110608912525883&w=2 http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf http://www.petefinnigan.com/directory_traversal.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/18947 •
CVSS: 9.8EPSS: 10%CPEs: 33EXPL: 0CVE-2004-1363
https://notcve.org/view.php?id=CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. • http://marc.info/?l=bugtraq&m=110382345829397&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 http://www.kb.cert.org/vuls/id/316206 http://www.ngssoftware.com/advisories/oracle23122004.txt http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securityfocus.com/bid/10871 http://www.us-cert.gov/cas/techalerts/TA04-245A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.0EPSS: 30%CPEs: 31EXPL: 0CVE-2003-0222
https://notcve.org/view.php?id=CVE-2003-0222
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. Desbordamiento de búfer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar código arbitrario mediante una consulta "CREATE DATABASE LINK" conteniendo una cadena de conexión con un parámetro USING largo. • http://marc.info/?l=bugtraq&m=105162831008176&w=2 http://marc.info/?l=ntbugtraq&m=105163376015735&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf http://www.ciac.org/ciac/bulletins/n-085.shtml http://www.securityfocus.com/bid/7453 https://exchange.xforce.ibmcloud.com/vulnerabilities/11885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 67%CPEs: 10EXPL: 0CVE-2003-0095
https://notcve.org/view.php?id=CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. • http://marc.info/?l=bugtraq&m=104549693426042&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf http://www.cert.org/advisories/CA-2003-05.html http://www.ciac.org/ciac/bulletins/n-046.shtml http://www.iss.net/security_center/static/11328.php http://www.kb.cert.org/vuls/id/953746 http://www.osvdb.org/6319 http://www.securityfocus.com/bid/6849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •