CVE-2009-2000 — Oracle Database Server vulnerability

22 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 23.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedOct 22

Latest updateMay 2

Description

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/database_server11.1.0.7

🔴Vulnerability Details

GHSA

GHSA-p67h-5cwv-hq8r: Unspecified vulnerability in the Authentication component in Oracle Database 11↗2022-05-02

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

CVEList

CVE-2009-2000: Unspecified vulnerability in the Authentication component in Oracle Database 11↗2009-10-22

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Outlook Express and Windows Mail - Integer Overflow↗2010-05-11

▶

Exploit-DB

phpAuction - Cross-Site Scripting↗2009-12-26

▶

Exploit-DB

XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service↗2009-11-24

▶

Exploit-DB

Cisco VPN Client - Integer Overflow Denial of Service↗2009-11-21

▶

Exploit-DB

Snitz Forums 2000 3.4.7 - Sound Tag Onload Attribute Cross-Site Scripting↗2009-10-15

▶

📋Vendor Advisories

Red Hat

CVE-2009-1349: Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2↗

▶

💬Community

Bugzilla

CVE-2009-0259 openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file↗2008-12-10

▶