CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2484
https://notcve.org/view.php?id=CVE-2019-2484
23 Jul 2019 — Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this v... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2012-3220
https://notcve.org/view.php?id=CVE-2012-3220
17 Jan 2013 — Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Spatial en Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 y 11.2.0.3 permite a usuarios autenticados remotos con privilegios Create Session afectar a la confi... • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2012-3146
https://notcve.org/view.php?id=CVE-2012-3146
16 Oct 2012 — Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2 y v11.2.0.3 permite a usuarios autenticados remotos afectar la integridad mediante vectores desconocidos • http://osvdb.org/86387 •
CVSS: 7.5EPSS: 51%CPEs: 9EXPL: 4CVE-2012-3137 – Oracle Database - Protocol Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-3137
21 Sep 2012 — The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." El protocolo de autenticación en Oracle Database 11g 1 y 2 permite a atacantes remotos obtener la clave y la "salt" de sesión para usuarios de su... • https://www.exploit-db.com/exploits/22069 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2012-3132
https://notcve.org/view.php?id=CVE-2012-3132
10 Aug 2012 — SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS. Vulnerabilidad de inyección SQL en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2, y v11.2.0.3, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores que comprenden C... • http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2012-1745
https://notcve.org/view.php?id=CVE-2012-1745
17 Jul 2012 — Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente de capa de red en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2, v11.2.0.3 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2012-1746
https://notcve.org/view.php?id=CVE-2012-1746
17 Jul 2012 — Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747. Vulnerabilidad no especificada en el componente Network Layer en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2 y v11.2.0.3, cuando se ejecuta en Windows, permite a atacantes remotos afectar a la ... • http://osvdb.org/83947 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1747
https://notcve.org/view.php?id=CVE-2012-1747
17 Jul 2012 — Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746. Vulnerabilidad no especificada en el componente Network Layer en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2 y v11.2.0.3, cuando se ejecuta en Windows, permite a atacantes remotos afectar a la ... • http://osvdb.org/83948 •
CVSS: 8.1EPSS: 91%CPEs: 7EXPL: 4CVE-2012-1675 – Oracle TNS Listener Checker
https://notcve.org/view.php?id=CVE-2012-1675
08 May 2012 — The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." TNS Listener, ta... • https://packetstorm.news/files/id/180935 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0552
https://notcve.org/view.php?id=CVE-2012-0552
03 May 2012 — Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database Server v10.2.0.3, v10.2.0.4, v10.2.0.5, v11.1.0.7, v11.2.0.2 y v11.2.0.3, permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html •