CVSS: 10.0EPSS: 2%CPEs: 28EXPL: 0CVE-2008-0347
https://notcve.org/view.php?id=CVE-2008-0347
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges. Una vulnerabilidad no especificada en el componente Oracle Ultra Search en Oracle Collaboration Suite versión 10.1.2; Database versiones 9.2.0.8, 10.1.0.5 y 10.2.0.3; y Application Server 9.0.4.3 y 10.1.2.0.2; presenta un impacto desconocido y vectores de ataque locales, también se conoce como OCS01. NOTA: Oracle no ha cuestionado una afirmación confiable de que este problema está relacionado con los privilegios del esquema WKSYS. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm http://www.securityfocus.com/archive/1/487322/100/100/threaded http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advis •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2008-0348
https://notcve.org/view.php?id=CVE-2008-0348
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. Múltiples vulnerabilidades no especificadas en el componente PeopleTools de Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.22.18, 8.48.15, y 8.49.07 tienen impacto y vectores de ataque remotos desconocidos, también conocidos como (1) PSE01, (2) PSE03, y (3) PSE04. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2008-0349
https://notcve.org/view.php?id=CVE-2008-0349
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. Vulnerabilidad no especificada en el componente PeopleTools de Oracle PeopleSoft Enterprise y JD Edwards EnterpriseOne 8.48.15 y 8.49.07 tiene impacto y vectores de ataque remotos desconocidos, también conocido como PSE02. • http://marc.info/?l=bugtraq&m=120058413923005&w=2 http://secunia.com/advisories/28518 http://secunia.com/advisories/28556 http://securitytracker.com/id?1019218 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html http://www.securityfocus.com/bid/27229 http://www.us-cert.gov/cas/techalerts/TA08-017A.html http://www.vupen.com/english/advisories/2008/0150 http://www.vupen.com/english/advisories/2008/0180 •
CVSS: 8.5EPSS: 0%CPEs: 10EXPL: 0CVE-2007-5897
https://notcve.org/view.php?id=CVE-2007-5897
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. Desbordamiento de búfer en MDSYS.SDO_CS de Oracle Database Server 8iR3, 9iR1, 9iR2 hasta 9.2.0.6, y 10gR1 hasta 10.1.0.4 permite a usuarios autenticados remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante la función TRANSFORM. NOTA: este asunto podría estar ya cubierto por CVE-2007-5515, CVE-2007-5509, o CVE-2007-5505, pero no hay suficientes detalles como para estar seguros. • http://osvdb.org/40081 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482918/100/100/threaded http://www.securityfocus.com/bid/26243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-5506
https://notcve.org/view.php?id=CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. El núcleo del componente RDBMS en Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, y 10.2.0.3 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete de datos tipo 6 manipulado artesanalmente, también conocido como DB20. • http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3244 http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482424/100/0/threaded http://www.securityfocus.com/bid/26108 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007&#x • CWE-399: Resource Management Errors •