CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vectores no especificados que implican ciertos procedimientos públicos, también se conoce como DB05. • http://osvdb.org/32911 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458038/100/0/threaded http://www.securityfocus.com/archive/1/474047/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0276
https://notcve.org/view.php?id=CVE-2007-0276
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4 y 9.0.1.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) Advanced Security Option y oklist o okdstry (DB10), (2) Oracle Net Services (DB13), y (3) Recovery Manager y oklist (DB16). • http://osvdb.org/32916 http://osvdb.org/32919 http://osvdb.org/32922 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 •
CVE-2006-5339
https://notcve.org/view.php?id=CVE-2006-5339
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB11. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB11 está relacionada con la "comprobación de longitud" en la función RELATE antes de que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5344
https://notcve.org/view.php?id=CVE-2006-5344
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tienen impacto y vectores de ataque remotos autenticados desconocidos relacionados con (1) mdsys.sdo_3gl, también conocido como Vuln# DB20, y (2) mdsys.sdo_cs, también conocido como DB21. NOTA: a fecha de 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB20 es un desbordamiento de búfer en GEOM_OPERATION, y DB21 está relacionado con un desbordamiento de búfer e inyección de SQL en TRANSFORM_LAYER. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5340
https://notcve.org/view.php?id=CVE-2006-5340
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto relacionado con (1) mdsys.sdo_lrs, también conocida como Vuln# DB13 y (2) Vuln# DB17. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB13 está relacionado con eludir la validación de entrada para inyección SQL relacionada con convert_to_lrs_layer y dbms_assert y DB17 está relacionado con inyección SQL en el disparador en el paquete SDO_DROP_USER. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/869292 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www. •