The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability note CVE-2012-0510 CVE-2012-0511 CVE-2012-0512

Oracle Database: several vulnerabilities of April 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Database are corrected by the CPU of April 2012.
Impacted systems: Oracle DB, SQL*Net, SLES.
Severity of this alert: 3/4.
Consequences of an intrusion: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Pirate's origin: user account.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/04/2012.
Références of this alert: BID-53063, BID-53072, BID-53076, BID-53081, BID-53084, BID-53089, BID-53090, BID-53092, BID-53093, BID-53097, BID-53101, BID-53104, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0510, CVE-2012-0511, CVE-2012-0512, CVE-2012-0519, CVE-2012-0520, CVE-2012-0525, CVE-2012-0526, CVE-2012-0527, CVE-2012-0528, CVE-2012-0534, CVE-2012-0552, CVE-2012-1708, SUSE-SU-2012:1020-1, VIGILANCE-VUL-11549.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Database.

An attacker can use a vulnerability of Oracle Spatial, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53097, CVE-2012-0552]

An attacker can use a vulnerability of Core RDBMS, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-53072, CVE-2012-0519]

An attacker can use a vulnerability of Core RDBMS, in order to alter information, or to create a denial of service. [severity:2/4; BID-53090, CVE-2012-0510]

An attacker can use a vulnerability of OCI, in order to obtain or alter information. [severity:2/4; BID-53101, CVE-2012-0511]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53089, CVE-2012-0528]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53092, CVE-2012-0512]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to obtain or alter information. [severity:2/4; BID-53063, CVE-2012-0525]

An attacker can use a vulnerability of Application Express, in order to alter information. [severity:2/4; BID-53104, CVE-2012-1708]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53084, CVE-2012-0526]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53093, CVE-2012-0527]

An attacker can use a vulnerability of Enterprise Manager Base Platform, in order to alter information. [severity:2/4; BID-53081, CVE-2012-0520]

An attacker can use a vulnerability of RDBMS Core, in order to alter information. [severity:2/4; BID-53076, CVE-2012-0534]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.