CVE-2007-3854
published 2007-07-18CVE-2007-3854: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1)…
medium5.5CVSS 3.1
AVNACLAuSCPIPAN
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | apex | — | — |
| oracle | apex | — | — |
| oracle | apex | — | — |
| oracle | apex | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | collaboration_suite | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |