CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0377
https://notcve.org/view.php?id=CVE-2014-0377
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables. Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4 y 12.1.0.1 que permite a los usuarios remotos autenticados afectar a la confidencialidad a través de vectores relacionados con las tablas de SYS. • http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html http://osvdb.org/102081 http://secunia.com/advisories/56452 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64824 http://www.securitytracker.com/id/1029607 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-5858
https://notcve.org/view.php?id=CVE-2013-5858
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0370. • http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html http://osvdb.org/102082 http://secunia.com/advisories/56452 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64820 http://www.securitytracker.com/id/1029607 •
CVSS: 7.5EPSS: 97%CPEs: 7EXPL: 3CVE-2012-1675 – Oracle TNS Listener Checker
https://notcve.org/view.php?id=CVE-2012-1675
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." TNS Listener, tal como es usado en Oracle Database 11g 11.1.0.7, 11.2.0.2, y 11.2.0.3, y 10g 10.2.0.3, 10.2.0.4, y 10.2.0.5, y en Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, y posiblemente otros productos, permite a atacantes remotos ejecutar comandos de base de datos arbitrarios realizando un registro remoto de (1) una instancia o (2) nombre de servicio de base de datos que ya existe y, a continuación, relizando un ataque de man-in-the-middle (MITM) para secuestrar conexiones de bases de datos. También conocido como "TNS Poison." • https://github.com/bongbongco/CVE-2012-1675 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html http://seclists.org/fulldisclosure/2012/Apr/204 http://seclists.org/fulldisclosure/2012/Apr/343 http://www.kb.cert.org/vuls/id/359816 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html http://www.securityfocus.com/bid/53308 http://www.securitytracker.com/id?1027000 http • CWE-264: Permissions, Privileges, and Access Controls •