CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2018-3004
https://notcve.org/view.php?id=CVE-2018-3004
18 Jul 2018 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,12.2.0.1 and 18.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality i... • http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html •
CVSS: 5.9EPSS: 3%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
26 Apr 2018 — Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria ... • http://www.securitytracker.com/id/1041707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-2841
https://notcve.org/view.php?id=CVE-2018-2841
19 Apr 2018 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.5EPSS: 12%CPEs: 19EXPL: 0CVE-2016-2381 – Gentoo Linux Security Advisory 201701-75
https://notcve.org/view.php?id=CVE-2016-2381
02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 28%CPEs: 4EXPL: 1CVE-2007-3336 – CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
https://notcve.org/view.php?id=CVE-2007-3336
22 Jun 2007 — Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Múltiples vulnerabilidades "pointer overwrite" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, t... • https://www.exploit-db.com/exploits/14646 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3337
https://notcve.org/view.php?id=CVE-2007-3337
22 Jun 2007 — wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. El inicio (wakeup) en la base de datos Ingres server 2006 9.0.4, r3, 2.6 y 2.5, tal y como se usa en los productos CA (Computer Associates), permite a usuarios locales truncar ficheros de su elección mediante un ataque symlink (de enlaces simbólicos) en el fichero alarmwkp.def. • http://osvdb.org/37485 •
CVSS: 10.0EPSS: 20%CPEs: 4EXPL: 0CVE-2007-3338
https://notcve.org/view.php?id=CVE-2007-3338
22 Jun 2007 — Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. Múltiples desbordamientos de búfer en la región stack de la memoria en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario... • http://osvdb.org/37483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •