VYPR

Database Server

by Actian

CVEs (8)

  • CVE-2007-3336Jun 22, 2007
    risk 0.04cvss epss 0.09

    Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres…

  • CVE-2007-3334Jun 21, 2007
    risk 0.04cvss epss 0.10

    Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote…

  • CVE-2002-1767Dec 31, 2002
    risk 0.03cvss epss 0.04

    Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.

  • CVE-2007-3338Jun 22, 2007
    risk 0.01cvss epss 0.07

    Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

  • CVE-2004-1367Aug 4, 2004
    risk 0.01cvss epss 0.07

    Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that…

  • CVE-2004-1366Aug 4, 2004
    risk 0.01cvss epss 0.15

    Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

  • CVE-2007-3337Jun 22, 2007
    risk 0.00cvss epss 0.00

    wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.

  • CVE-2005-3447Nov 2, 2005
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08.