VDB

CVE-2006-0272

CVE-2006-0272 PUBLISHED CVSS 9 CRITICAL

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

EPSS 25.71% · 96.4th percentile

Risk Scores

CVSS 2.0
9
EPSS Score
25.71%
96.4th percentile

Affected Products

VendorProductVersions
oracleoracle9istandard_9.2.0.7
oracleoracle10genterprise_10.1.0.4, personal_10.1.0.4, standard_10.1.0.4
n/an/an/a

Timeline

  • CVE Published
  • Feb 4, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jun 13, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›