CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2008-0340
https://notcve.org/view.php?id=CVE-2008-0340
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). Múltiples vulnerabilidades no especificadas en Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 tiene impacto y vectores de ataque desconocidos, relacionados con los componentes (1) Advanced Queuing y (2) Oracle Spatial (DB04). • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2008-0344
https://notcve.org/view.php?id=CVE-2008-0344
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. Vulnerabilidad no especificada en el componente Oracle Spatial de Oracle Database 10.1.0.5 y 10.2.0.3 tiene impacto y vectores de ataque remotos desconocidos, también conocido como DB07. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0341
https://notcve.org/view.php?id=CVE-2008-0341
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. Vulnerabilidad no especificada en el componente Advanced Queuing de Oracle Database 9.0.1.5 FIPS+ y 10.1.0.5 tiene impacto y vectores de ataque desconocidos, también conocido como DB03. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3244 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482424/100/0/threaded http://www.securityfocus.com/bid/26108 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007&#x • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5507
https://notcve.org/view.php?id=CVE-2007-5507
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. El servicio GIOP en TNS Listener del componente Oracle Net Services de Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (caída) o leer memoria potencialmente sensible mediante un paquete GIOP connect con un tamaño de datos inválido, lo cual dispara un desbordamiento de lectura de búfer, también conocida como DB22. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3250 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482423/100/0/threaded http://www.securityfocus.com/bid/26103 http://www.securitytracker.com/id?1018823 http://www.us-cert. • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •