CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2484
https://notcve.org/view.php?id=CVE-2019-2484
23 Jul 2019 — Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this v... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 10.0EPSS: 28%CPEs: 4EXPL: 1CVE-2007-3336 – CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)
https://notcve.org/view.php?id=CVE-2007-3336
22 Jun 2007 — Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Múltiples vulnerabilidades "pointer overwrite" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, t... • https://www.exploit-db.com/exploits/14646 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3337
https://notcve.org/view.php?id=CVE-2007-3337
22 Jun 2007 — wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. El inicio (wakeup) en la base de datos Ingres server 2006 9.0.4, r3, 2.6 y 2.5, tal y como se usa en los productos CA (Computer Associates), permite a usuarios locales truncar ficheros de su elección mediante un ataque symlink (de enlaces simbólicos) en el fichero alarmwkp.def. • http://osvdb.org/37485 •
CVSS: 10.0EPSS: 20%CPEs: 4EXPL: 0CVE-2007-3338
https://notcve.org/view.php?id=CVE-2007-3338
22 Jun 2007 — Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. Múltiples desbordamientos de búfer en la región stack de la memoria en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario... • http://osvdb.org/37483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 29%CPEs: 4EXPL: 0CVE-2007-0272
https://notcve.org/view.php?id=CVE-2007-0272
17 Jan 2007 — Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Múltiples desbordamientos de búfer en MDSYS.MD en Oracle Database versiones 8.1.7.4, 9.0.1.5, 9.2.0.7 y 10.1.0.4 permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) o ejecutar código arbitrario por medio de vect... • http://osvdb.org/32911 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0276
https://notcve.org/view.php?id=CVE-2007-0276
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4 y 9.0.1.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) Advanced Security Option y oklist o okdstry (DB10), (2) Oracle Net Services (DB13), y (3) Recovery M... • http://osvdb.org/32916 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0278
https://notcve.org/view.php?id=CVE-2007-0278
17 Jan 2007 — Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.5 tienen impacto y vectores de ataque desconocidos relacionados con (1) NLS Runtime y lmsgen (DB12), y (2) Oracle Text y ctxkbtc (DB14). • http://osvdb.org/32918 •
CVSS: 9.8EPSS: 5%CPEs: 4EXPL: 0CVE-2006-5339
https://notcve.org/view.php?id=CVE-2006-5339
18 Oct 2006 — Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 t... • http://secunia.com/advisories/22396 •
CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 0CVE-2006-5340
https://notcve.org/view.php?id=CVE-2006-5340
18 Oct 2006 — Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger ... • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 0CVE-2006-5344
https://notcve.org/view.php?id=CVE-2006-5344
18 Oct 2006 — Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER. Múltiples vulnerabilidades no especific... • http://secunia.com/advisories/22396 •