CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2007-0268
https://notcve.org/view.php?id=CVE-2007-0268
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado públicamente por investigadores confiables de que DB01 es para inyección SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de búfer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED. • http://osvdb.org/32907 http://osvdb.org/32913 http://osvdb.org/32921 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.kb.cert.org/vuls/id/221788 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html http://www.securityfocus.com/archive/1/458005/100/0/threaded http://www.securityfocus.com/archive/1/458475/100/100/threaded http:/ •
CVSS: 8.5EPSS: 2%CPEs: 4EXPL: 0CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vectores no especificados que implican ciertos procedimientos públicos, también se conoce como DB05. • http://osvdb.org/32911 http://secunia.com/advisories/23794 http://securitytracker.com/id?1017522 http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html http://www.securityfocus.com/archive/1/458038/100/0/threaded http://www.securityfocus.com/archive/1/474047/100/0/threaded http://www.securityfocus.com/bid/22083 http://www.us-cert.gov/cas/techalerts/TA07-017A.html https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5337
https://notcve.org/view.php?id=CVE-2006-5337
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-5345
https://notcve.org/view.php?id=CVE-2006-5345
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB22. NOTA: a fecha de 23/10/2006, Oracle no ha impugnado los informes de una tercera parte fiable de que DB22 está relacionado con la "comprobación de longitud" en la función RELATE anterior a que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0CVE-2006-5339
https://notcve.org/view.php?id=CVE-2006-5339
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB11. NOTA: a fecha del 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB11 está relacionada con la "comprobación de longitud" en la función RELATE antes de que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •