Multiple Vulnerabilities in Oracle Database 9.x-10.x Affecting Advanced Queuing and Spatial Components
CVE-2007-3854

Currently unrated

Key Information:

Vendor: Oracle
Status: Database Server; Application Server; Peoplesoft Enterprise Customer Relationship Management; Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 18 July 2007

Summary

Oracle Database, versions 9.0.1.5+, 9.2.0.7, and 10.1.0.5, are affected by multiple unspecified vulnerabilities that could allow remote authenticated users to exploit components such as SYS.DBMS_PRVTAQIS in Advanced Queuing and MDSYS.MD in the Spatial component. Notably, these vulnerabilities have been reported to relate to SQL injection and buffer overflow issues, which pose risks for data integrity and application availability.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://secunia.com/advisories/26114

third-party-advisoryx_refsource_SECUNIA

http://www.red-database-security.com/advisory/oracle_sql_...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 18, 2007