CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3826
https://notcve.org/view.php?id=CVE-2013-3826
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, y 12.1.0.1 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/55322 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18671 •
CVSS: 7.5EPSS: 97%CPEs: 7EXPL: 3CVE-2012-1675 – Oracle TNS Listener Checker
https://notcve.org/view.php?id=CVE-2012-1675
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." TNS Listener, tal como es usado en Oracle Database 11g 11.1.0.7, 11.2.0.2, y 11.2.0.3, y 10g 10.2.0.3, 10.2.0.4, y 10.2.0.5, y en Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, y posiblemente otros productos, permite a atacantes remotos ejecutar comandos de base de datos arbitrarios realizando un registro remoto de (1) una instancia o (2) nombre de servicio de base de datos que ya existe y, a continuación, relizando un ataque de man-in-the-middle (MITM) para secuestrar conexiones de bases de datos. También conocido como "TNS Poison." • https://github.com/bongbongco/CVE-2012-1675 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html http://seclists.org/fulldisclosure/2012/Apr/204 http://seclists.org/fulldisclosure/2012/Apr/343 http://www.kb.cert.org/vuls/id/359816 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html http://www.securityfocus.com/bid/53308 http://www.securitytracker.com/id?1027000 http • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 59%CPEs: 4EXPL: 0CVE-2007-3338 – Computer Associates Advantage Ingres 2.6 Denial Of Service
https://notcve.org/view.php?id=CVE-2007-3338
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. Múltiples desbordamientos de búfer en la región stack de la memoria en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario por medio de las funciones (1) uuid_from_char o (2) duve_get_args. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • http://osvdb.org/37483 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow http://www.securityfocus.com/archive/1/472194/100/0/threaded http://www.securityfo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3337 – Computer Associates Advantage Ingres 2.6 Denial Of Service
https://notcve.org/view.php?id=CVE-2007-3337
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. El inicio (wakeup) en la base de datos Ingres server 2006 9.0.4, r3, 2.6 y 2.5, tal y como se usa en los productos CA (Computer Associates), permite a usuarios locales truncar ficheros de su elección mediante un ataque symlink (de enlaces simbólicos) en el fichero alarmwkp.def. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • http://osvdb.org/37485 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation http://www.securityfocus.com/archive/1/472200/100/0/threaded http://www.securityfocus.com/bid&#x •
CVSS: 10.0EPSS: 77%CPEs: 4EXPL: 1CVE-2007-3336 – CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
https://notcve.org/view.php?id=CVE-2007-3336
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Múltiples vulnerabilidades "pointer overwrite" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario mediante el envío de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • https://www.exploit-db.com/exploits/14646 http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html http://osvdb.org/37486 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1 http://www.ngssoftware.com/advisories/critical-risk- •