The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SQL*Net

computer vulnerability announce CVE-2010-5312 CVE-2016-3562 CVE-2016-5497

Oracle Database: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Database.
Impacted products: Oracle DB, SQL*Net.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 19/10/2016.
Identifiers: CERTFR-2016-AVI-348, cpuoct2016, CVE-2010-5312, CVE-2016-3562, CVE-2016-5497, CVE-2016-5498, CVE-2016-5499, CVE-2016-5505, CVE-2016-5516, CVE-2016-5555, CVE-2016-5572, VIGILANCE-VUL-20907.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Database.

An attacker can use a vulnerability via OJVM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5555]

An attacker can use a vulnerability via Kernel PDB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-5572]

An attacker can use a vulnerability via RDBMS Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-5497]

An attacker can use a vulnerability via Application Express, in order to obtain or alter information. [severity:2/4; CVE-2010-5312]

An attacker can use a vulnerability via Kernel PDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-5516]

An attacker can use a vulnerability via RDBMS Programmable Interface, in order to trigger a denial of service. [severity:2/4; CVE-2016-5505]

An attacker can use a vulnerability via RDBMS Security, in order to obtain information. [severity:1/4; CVE-2016-5498]

An attacker can use a vulnerability via RDBMS Security, in order to obtain information. [severity:1/4; CVE-2016-5499]

An attacker can use a vulnerability via RDBMS Security and SQL*Plus, in order to obtain information. [severity:1/4; CVE-2016-3562]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2012-1737 CVE-2012-1745 CVE-2012-1746

Oracle Database: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of July 2012.
Impacted products: Oracle DB, SQL*Net, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 18/07/2012.
Identifiers: BID-54496, BID-54501, BID-54507, BID-54518, BID-54569, CERTA-2012-AVI-393, cpujul2012, CVE-2012-1737, CVE-2012-1745, CVE-2012-1746, CVE-2012-1747, CVE-2012-3134, SUSE-SU-2012:1020-1, VIGILANCE-VUL-11775.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Database.

An attacker can use SQL injections in DB Performance Advisories/UIs, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54569, CVE-2012-1737]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54501, CVE-2012-1745]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54507, CVE-2012-1746]

An attacker can use a vulnerability of Oracle NET, in order to create a denial of service. [severity:2/4; BID-54518, CVE-2012-1747]

An attacker can use a vulnerability of Core RDBMS, in order to create a denial of service. [severity:2/4; BID-54496, CVE-2012-3134]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2012-0510 CVE-2012-0511 CVE-2012-0512

Oracle Database: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of April 2012.
Impacted products: Oracle DB, SQL*Net, SLES.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/04/2012.
Identifiers: BID-53063, BID-53072, BID-53076, BID-53081, BID-53084, BID-53089, BID-53090, BID-53092, BID-53093, BID-53097, BID-53101, BID-53104, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0510, CVE-2012-0511, CVE-2012-0512, CVE-2012-0519, CVE-2012-0520, CVE-2012-0525, CVE-2012-0526, CVE-2012-0527, CVE-2012-0528, CVE-2012-0534, CVE-2012-0552, CVE-2012-1708, SUSE-SU-2012:1020-1, VIGILANCE-VUL-11549.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Database.

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53097, CVE-2012-0552]

An attacker can use a vulnerability of Core RDBMS, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53072, CVE-2012-0519]

An attacker can use a vulnerability of Core RDBMS, in order to alter information, or to create a denial of service. [severity:2/4; BID-53090, CVE-2012-0510]

An attacker can use a vulnerability of OCI, in order to obtain or alter information. [severity:2/4; BID-53101, CVE-2012-0511]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53089, CVE-2012-0528]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53092, CVE-2012-0512]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53063, CVE-2012-0525]

An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-53104, CVE-2012-1708]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53084, CVE-2012-0526]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53093, CVE-2012-0527]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53081, CVE-2012-0520]

An attacker can use a vulnerability of RDBMS Core, in order to alter information. [severity:2/4; BID-53076, CVE-2012-0534]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2010-0892 CVE-2010-0900 CVE-2010-0901

Oracle Database: several vulnerabilities of July 2010

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of July 2010.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/07/2010.
Identifiers: BID-41621, BID-41624, BID-41635, BID-41639, BID-41643, cpujul2010, CVE-2010-0892, CVE-2010-0900, CVE-2010-0901, CVE-2010-0902, CVE-2010-0903, CVE-2010-0911, VIGILANCE-VUL-9759.

Description of the vulnerability

The CPU (Critical Patch Update) of July 2010 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can use a vulnerability of Listener, in order to create a denial of service. [severity:3/4; BID-41624, CVE-2010-0911]

An attacker can use a vulnerability of Net Foundation Layer, in order to create a denial of service. [severity:3/4; BID-41639, CVE-2010-0903]

An attacker can use a vulnerability of Oracle OLAP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-41643, CVE-2010-0902]

An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-41621, CVE-2010-0892]

An attacker can use a vulnerability of Network Layer, in order to create a denial of service. [severity:1/4; CVE-2010-0900]

An attacker can use a vulnerability of Export, in order to obtain information. [severity:1/4; BID-41635, CVE-2010-0901]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2009-1996 CVE-2009-3410 CVE-2009-3411

Oracle Database: several vulnerabilities of January 2010

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of January 2010.
Impacted products: Oracle DB, SQL*Net.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 13/01/2010.
Identifiers: BID-37728, BID-37729, BID-37730, BID-37731, BID-37738, BID-37740, BID-37743, BID-37746, CERTA-2010-AVI-010, cpujan2010, CVE-2009-1996, CVE-2009-3410, CVE-2009-3411, CVE-2009-3412, CVE-2009-3413, CVE-2009-3414, CVE-2009-3415, CVE-2010-0071, CVE-2010-0076, VIGILANCE-VUL-9339.

Description of the vulnerability

The CPU (Critical Patch Update) of January 2010 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can generate a buffer overflow in the nsglvcrt() function of the Listener, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; BID-37728, CVE-2010-0071]

An attacker can use a vulnerability of Oracle OLAP, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; BID-37729, CVE-2009-3415]

An attacker can use a vulnerability of Application Express Application Builder, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; CVE-2010-0076]

An attacker can use a vulnerability of Oracle Data Pump, in order to obtain information or to alter information. [severity:2/4; BID-37743, CVE-2009-3411]

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information or to alter information. [severity:2/4; BID-37730, CVE-2009-3414]

An attacker can use a vulnerability of Logical Standby, in order to alter information. [severity:2/4; BID-37740, CERTA-2010-AVI-010, CVE-2009-1996]

An attacker can use a vulnerability of RDBMS, in order to obtain information ou to alter information. [severity:2/4; BID-37746, CVE-2009-3410]

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information or to alter information. [severity:2/4; BID-37738, CVE-2009-3413]

An attacker can use a vulnerability of Unzip, in order to obtain information. [severity:1/4; BID-37731, CVE-2009-3412]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2009-1007 CVE-2009-1018 CVE-2009-1964

Oracle Database: several vulnerabilities of October 2009

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of October 2009.
Impacted products: Oracle DB, SQL*Net.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 16.
Creation date: 21/10/2009.
Identifiers: BID-36742, BID-36743, BID-36744, BID-36745, BID-36747, BID-36748, BID-36750, BID-36751, BID-36752, BID-36754, BID-36755, BID-36756, BID-36758, BID-36759, BID-36760, cpuoct2009, CVE-2009-1007, CVE-2009-1018, CVE-2009-1964, CVE-2009-1965, CVE-2009-1971, CVE-2009-1972, CVE-2009-1979, CVE-2009-1985, CVE-2009-1991, CVE-2009-1992, CVE-2009-1993, CVE-2009-1994, CVE-2009-1995, CVE-2009-1997, CVE-2009-2000, CVE-2009-2001, DSECRG-09-010, VIGILANCE-VUL-9104.

Description of the vulnerability

The CPU (Critical Patch Update) of October 2009 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can use a vulnerability of Core RDBMS, in order to obtain information, to alter information, or to generate a denial of service. [severity:3/4; BID-36742, CVE-2009-1992]

An attacker can use a vulnerability of Network Authentication, in order to obtain information, to alter information, or to generate a denial of service. [severity:3/4; BID-36747, CVE-2009-1979]

An attacker can use a vulnerability of Network Authentication, in order to obtain information, to alter information, or to generate a denial of service. [severity:3/4; BID-36745, CVE-2009-1985]

An attacker can use a vulnerability of Data Mining, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; BID-36750, CVE-2009-1007]

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; BID-36744, CVE-2009-1994]

An attacker can use a vulnerability of PL/SQL, in order to obtain information, to alter information, or to generate a denial of service. [severity:3/4; BID-36743, CVE-2009-2001]

An attacker can use a vulnerability of Application Express, in order to obtain information, or to alter information. [severity:2/4; BID-36759, CVE-2009-1993]

An attacker can use a vulnerability of Workspace Manager, in order to obtain information, or to alter information. [severity:2/4; CVE-2009-1018]

An attacker can use a vulnerability of Workspace Manager, in order to obtain information, or to alter information. [severity:2/4; BID-36755, CVE-2009-1964]

An attacker can use a vulnerability of Net Foundation Layer, in order to obtain information, to alter information, or to generate a denial of service. [severity:2/4; BID-36760, CVE-2009-1965]

An attacker can use a vulnerability of Authentication, in order to obtain information. [severity:1/4; BID-36751, CVE-2009-1997]

An attacker can use a vulnerability of Authentication, in order to obtain information. [severity:1/4; BID-36756, CVE-2009-2000]

An attacker can use a vulnerability of Advanced Queuing, in order to obtain information, or to alter information. [severity:2/4; BID-36752, CVE-2009-1995]

An attacker can generate a SQL injection in CTXSYS.DRVXTABC of Oracle Text, in order to obtain information, or to alter information. [severity:2/4; BID-36748, CVE-2009-1991, DSECRG-09-010]

An attacker can use a vulnerability of Data Pump, in order to alter information. [severity:2/4; BID-36754, CVE-2009-1971]

An attacker can use a vulnerability of Auditing, in order to alter information. [severity:2/4; BID-36758, CVE-2009-1972]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-0987 CVE-2009-1015 CVE-2009-1019

Oracle Database: several vulnerabilities of July 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of July 2009.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 12.
Creation date: 15/07/2009.
Revision date: 27/07/2009.
Identifiers: BID-35676, BID-35677, BID-35679, BID-35680, BID-35681, BID-35682, BID-35683, BID-35684, BID-35685, BID-35687, BID-35689, BID-35692, cpujul2009, CVE-2009-0987, CVE-2009-1015, CVE-2009-1019, CVE-2009-1020, CVE-2009-1021, CVE-2009-1963, CVE-2009-1966, CVE-2009-1967, CVE-2009-1968, CVE-2009-1969, CVE-2009-1970, CVE-2009-1973, DSECRG-09-025, VIGILANCE-VUL-8865.

Description of the vulnerability

The CPU (Critical Patch Update) of July 2009 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can send a TTIPFN packet in order to write a zero in the memory of the process, in order to obtain or alter information or create a denial of service via a vulnerability of Network Foundation. [severity:2/4; BID-35684, CVE-2009-1020]

An attacker can send NSPTCN packets to obtain or alter information or create a denial of service via a vulnerability of Network Authentication. [severity:2/4; BID-35680, CVE-2009-1019]

An attacker can use a TTIPFN packet in order to alter information or create a denial of service via a vulnerability of Network Foundation. [severity:1/4; BID-35677, CVE-2009-1963]

An attacker can obtain or alter information via a vulnerability of REPCAT_RPC.VALIDATE_REMOTE_RC of Advanced Replication. [severity:2/4; BID-35685, CVE-2009-1021]

An attacker can obtain or alter information via a SQL injection of Config Management (Oracle Enterprise Manager. [severity:2/4; BID-35676, CVE-2009-1966]

An attacker can obtain or alter information via a SQL injection of Config Management (Oracle Enterprise Manager). [severity:2/4; BID-35692, CVE-2009-1967]

An attacker can obtain or alter information via a vulnerability of Upgrade. [severity:2/4; BID-35679, CVE-2009-0987]

An attacker can obtain or alter information via a vulnerability of Virtual Private Database. [severity:2/4; BID-35687, CVE-2009-1973]

An attacker can send a TNS command in a loop, in order to create a denial of service via a vulnerability of Listener. [severity:2/4; BID-35683, CVE-2009-1970]

An attacker can generate a Cross Site Scripting in the /search/query/search page of Secure Enterprise Search. [severity:2/4; BID-35681, CVE-2009-1968, DSECRG-09-025]

An attacker can alter information via a vulnerability of Core RDBMS. [severity:2/4; BID-35682, CVE-2009-1015]

An attacker can obtain information via a vulnerability of Auditing. [severity:1/4; BID-35689, CVE-2009-1969]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-0972 CVE-2009-0973 CVE-2009-0975

Oracle Database: several vulnerabilities of April 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of April 2009.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 16.
Creation date: 15/04/2009.
Revision date: 21/04/2009.
Identifiers: CERTA-2009-AVI-154, CPUapr2009, CVE-2009-0972, CVE-2009-0973, CVE-2009-0975, CVE-2009-0976, CVE-2009-0977, CVE-2009-0978, CVE-2009-0979, CVE-2009-0980, CVE-2009-0981, CVE-2009-0984, CVE-2009-0985, CVE-2009-0986, CVE-2009-0988, CVE-2009-0991, CVE-2009-0992, CVE-2009-0997, VIGILANCE-VUL-8635.

Description of the vulnerability

The CPU (Critical Patch Update) of April 2009 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker can generate a buffer overflow by using a long "plan" name in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN or in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN (Resource Manager). [severity:2/4; CVE-2009-0979]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Core RDBMS. [severity:2/4; CVE-2009-0985]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Workspace Manager. [severity:2/4; CERTA-2009-AVI-154, CVE-2009-0972]

An attacker can inject SQL in the GRANT_TYPE_ACCESS procedure of the DBMS_AQADM_SYS package of Advanced Queuing. [severity:2/4; CVE-2009-0977]

An attacker can inject SQL in the DEQ_EXEJOB procedure of the DBMS_AQIN package of Advanced Queuing. [severity:2/4; CVE-2009-0992]

An attacker can obtain or alter information via a vulnerability of Database Vault. [severity:2/4; CVE-2009-0984]

An attacker can alter information or create a denial of service via a vulnerability of SQLX Functions. [severity:2/4; CVE-2009-0980]

An attacker can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2009-0975]

An attacker can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2009-0976]

An attacker can obtain or alter information via a SQL injection in LT.ROLLBACKWORKSPACE of Workspace Manager. [severity:2/4; CVE-2009-0978]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Workspace Manager. [severity:2/4; CVE-2009-0986]

An attacker can create a denial of service via a vulnerability of Cluster Ready Services. [severity:2/4; CVE-2009-0973]

An attacker can create a denial of service via a vulnerability of Listener. [severity:2/4; CVE-2009-0991]

An attacker can obtain APEX password hashes. [severity:2/4; CVE-2009-0981]

An attacker can obtain or alter information via a vulnerability of Database Vault. [severity:2/4; CVE-2009-0997]

An attacker can obtain or alter information via a vulnerability of Password Policy. [severity:2/4; CVE-2009-0988]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2008-3973 CVE-2008-3974 CVE-2008-3978

Oracle Database: several vulnerabilities of January 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of January 2009.
Impacted products: Oracle DB, Oracle Net Services, SQL*Net.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 11.
Creation date: 14/01/2009.
Revisions dates: 15/01/2009, 04/02/2009.
Identifiers: cpujan2009, CVE-2008-3973, CVE-2008-3974, CVE-2008-3978, CVE-2008-3979, CVE-2008-3997, CVE-2008-3999, CVE-2008-4015, CVE-2008-5436, CVE-2008-5437, CVE-2008-5439, NISR13012009, VIGILANCE-VUL-8386, ZDI-09-003, ZDI-09-004.

Description of the vulnerability

The CPU (Critical Patch Update) of January 2009 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on DBMS_IJOB) can obtain or alter information via a vulnerability of Job Queue. [severity:2/4; CVE-2008-5437]

An attacker (via Oracle Net, authenticated, with the Create Session privilege) can alter information or create a denial of service via a vulnerability of Oracle OLAP. [severity:2/4; CVE-2008-5436]

An attacker (via Oracle Net, authenticated, with the Create Session privilege) can obtain or alter information via a vulnerability of Oracle Spatial. [severity:2/4; CVE-2008-3978]

An attacker (via Oracle Net, authenticated, with the Create Session privilege) can obtain privileges of the MDSYS user via MDSYS.SDO_TOPO_DROP_FTBL of Oracle Spatial. [severity:2/4; CVE-2008-3979, NISR13012009]

An attacker (via Oracle Net, authenticated, with the Execute on SYS.DBMS_STREAMS_AUTH privilege) can obtain or alter information via a vulnerability of Oracle Streams. [severity:2/4; CVE-2008-4015]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.OLAPIMPL_T) can generate a buffer overflow in the SYS.OLAPIMPL_T.ODCITABLESTART procedure, in order to create a denial of service or to execute code. [severity:2/4; CVE-2008-3974]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.DBMS_XSOQ_ODBO) can aller a file via a vulnerability of Summary Advisor (Oracle OLAP). [severity:2/4; CVE-2008-3997]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.OLAPIMPL_T) can create a denial of service via a vulnerability of Oracle OLAP. [severity:2/4; CVE-2008-3999]

An attacker (local, authenticated) can obtain information via a vulnerability of SQL*Plus Windows GUI. [severity:2/4; CVE-2008-5439]

An attacker (local, authenticated) can obtain information via a vulnerability of SQL*Plus Windows GUI. [severity:1/4; CVE-2008-3973]

Other vulnerabilities impact Oracle Secure Backup, Oracle Forms, Oracle EBusiness Suite and Oracle TimesTen. [severity:1/4; ZDI-09-003, ZDI-09-004]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.