Description

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).

Remediation

References

CVE-2007-2114

Related Vulnerabilities

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)

WordPress Plugin Wonder Video Embed Cross-Site Scripting (1.7)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

WordPress Plugin WordPress File Upload Multiple Unspecified Vulnerabilities (3.10.0)

Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)

Severity

Critical

Classification

CVE-2007-2114

Tags

Missing Update Known Vulnerabilities