Status Tracking Note TRTA06-291A

Oracle Updates for Multiple Vulnerabilities

Oracle has released patch to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Event Information

Date (UTC)	Description
2006-10-18 18:56	US-CERT TA06-291A: Oracle Updates for Multiple Vulnerabilities Via US-CERT Mailing List Oracle has released patch to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
2006-10-18 06:36	databasesecurity.com Analysis of the October 2006 Critical Patch Update for the Oracle RDBMS
2006-10-17 18:37	Oracle Critical Patch Update - October 2006
2006-07-24	Red-Database-Security Modify Data via Inline Views (8107967) [DB09] Vulnerability Reported
2006-04-19	Red-Database-Security SQL Injection in package MDSYS.SDO_LRS (7569081) [DB13] Vulnerability Reported
2005-11-01	Red-Database-Security SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL (6980745) [DB10] Vulnerability Reported
2005-11-01	Red-Database-Security SQL Injection in package SYS.DBMS_CDC_IMPDP Vulnerability Reported
2005-11-01	Red-Database-Security SQL Injection in package XDB.DBMS_XDBZ0 [DB01]/[DB15] Vulnerability Reported
2005-10-03	Red-Database-Security Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP Vulnerability Reported
2005-10-03	Red-Database-Security Cross-Site-Scripting Vulnerabilitiy in Oracle APEX NOTIFICATION_MSG Vulnerability Reported
2005-10-03	Red-Database-Security SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES Vulnerability Reported
2003-08-28	Red-Database-Security Various Cross-Site-Scripting Vulnerabilities in Oracle Reports Vulnerability Reported


Date first published (UTC):	2006-10-23T15:23+00:00
Date last updated (UTC):	2006-10-27T01:51+00:00