[SECURITY] [DSA 2120-1] New postgresql-8.3 packages fix privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2120-1 [email protected] http://www.debian.org/security/ Florian Weimer October 12, 2010 http://www.debian.org/security/faq -...

ToolTalk rpc.ttdbserverd Database Parser Heap Overflow (CVE-2010-0083)

ToolTalk is a communications system developed by Sun Microsystems in order to allow applications to communicate with each other at runtime. A heap overflow vulnerability has been discovered in the ToolTalk database server. The vulnerability is located within a function of the ToolTalk database...

CVE-2010-0892

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors...

CVE-2010-0902

Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2010-0900

Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors...

CVE-2010-0901

Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary...

Design/Logic Flaw

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary...

CVE-2010-0900

Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors...

CVE-2010-0901

Unspecified vulnerability in the Export component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Select Any Dictionary...

CVE-2010-0911

CVE-2010-0911 : The Oracle Database Server Listener component is affected by an unspecified vulnerability that allows remote attackers to impact availability via unknown vectors. The CVE is documented with a base CVSS v2 score of 7.8 (HIGH), attack vector Network, no authentication required, and ...

CVE-2010-0903

CVE-2010-0903 is a confirmed Oracle Database Server vulnerability affecting the Net Foundation Layer on Windows, with versions 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1. The issue is remotely exploitable over a network and contributes to availability impact (CVSSv2 base score 7.8). Orac...

CVE-2010-0902

CVE-2010-0902 affects Oracle Database Server’s OLAP component via Oracle Net (Create Session). Affected versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1. The vulnerability is not remote unauthenticated (Requires authentication) but can impact confidentiality, integrity, and av...

CVE-2010-0900

CVE-2010-0900 involves the Network Layer component (Oracle Net) in Oracle Database Server on Windows (versions 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1). The vulnerability allows remote attackers to affect availability via unknown vectors and is listed in the Oracle July 2010 CPU advisory ...

CVE-2010-0892

CVE-2010-0892 affects Oracle Application Express (Apex) within Oracle Database Server 3.2.0.00.27. The vulnerability is described as unspecified, allowing remote attackers to affect integrity via unknown vectors. Oracle’s July 2010 CPU documents this CVE under Oracle Database Server, with the Ape...

CVE-2010-0892

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors...

CVE-2010-0911

Unspecified vulnerability in the Listener component in Oracle Database Server 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors...

Oracle Releases Critical Patch Update for July 2010

Oracle has released its Critical Patch Update for July 2010 to address 59 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server 2 for TimesTen In-Memory Database 5 for Oracle Secure Backup 7 for Oracle Fusion Middleware 1 for...

Oracle Database Server Crafted View Privilege Escalation (CVE-2006-1705)

A privilege escalation vulnerability exists in the Oracle Database Server product. The vulnerability is caused by a design error in the processing of Join Views. An attacker with limited privileges may exploit this vulnerability to gain escalated privileges. Leveraging the vulnerability allows an...