CVSS: 7.5EPSS: 97%CPEs: 7EXPL: 3CVE-2012-1675 – Oracle TNS Listener Checker
https://notcve.org/view.php?id=CVE-2012-1675
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." TNS Listener, tal como es usado en Oracle Database 11g 11.1.0.7, 11.2.0.2, y 11.2.0.3, y 10g 10.2.0.3, 10.2.0.4, y 10.2.0.5, y en Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, y posiblemente otros productos, permite a atacantes remotos ejecutar comandos de base de datos arbitrarios realizando un registro remoto de (1) una instancia o (2) nombre de servicio de base de datos que ya existe y, a continuación, relizando un ataque de man-in-the-middle (MITM) para secuestrar conexiones de bases de datos. También conocido como "TNS Poison." • https://github.com/bongbongco/CVE-2012-1675 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html http://seclists.org/fulldisclosure/2012/Apr/204 http://seclists.org/fulldisclosure/2012/Apr/343 http://www.kb.cert.org/vuls/id/359816 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html http://www.securityfocus.com/bid/53308 http://www.securitytracker.com/id?1027000 http • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0552
https://notcve.org/view.php?id=CVE-2012-0552
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2 y v11.2.0.3, permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026929 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-0520
https://notcve.org/view.php?id=CVE-2012-0520
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework. Vulnerabilidad no especificada en el componente Enterprise Manager Base Platform en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, y v11.2.0.2, y en Oracle Enterprise Manager Grid Control v10.2.0.5 v11.1.0.1, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Security Framework. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53081 http://www.securitytracker.com/id?1026929 •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0534
https://notcve.org/view.php?id=CVE-2012-0534
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session. Vulnerabilidad sin especificar en el componente RDBMS Core del servidor de bases de datos Oracle 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, y 11.2.0.3. Permite a usuarios autenticados remotos afectar la integridad a través de vectores desconocidos relacionados con la creacción de sesión. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026929 •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-0528
https://notcve.org/view.php?id=CVE-2012-0528
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework. Vulnerabilidad sin especificar en el componente Enterprise Manager Base Platform del servidor de bases de datos Oracle 10.2.0.3, 10.2.0.4, 10.2.0.5 y 11.1.0.7, y Oracle Enterprise Manager Grid Control. Permite a atacantes remotos afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con la infraestructura de seguridad. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026929 •