Status Tracking Note TRTA06-291A

Oracle Updates for Multiple Vulnerabilities

Overview

Oracle has released patch to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Event Information


Date (UTC)Description
2006-10-18 18:56 US-CERT
TA06-291A: Oracle Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
Oracle has released patch to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
2006-10-18 06:36 databasesecurity.com
Analysis of the October 2006 Critical Patch Update for the Oracle RDBMS
2006-10-17 18:37 Oracle
Critical Patch Update - October 2006
2006-07-24 Red-Database-Security
Modify Data via Inline Views (8107967) [DB09]
Vulnerability Reported
2006-04-19 Red-Database-Security
SQL Injection in package MDSYS.SDO_LRS (7569081) [DB13]
Vulnerability Reported
2005-11-01 Red-Database-Security
SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL (6980745) [DB10]
Vulnerability Reported
2005-11-01 Red-Database-Security
SQL Injection in package SYS.DBMS_CDC_IMPDP
Vulnerability Reported
2005-11-01 Red-Database-Security
SQL Injection in package XDB.DBMS_XDBZ0 [DB01]/[DB15]
Vulnerability Reported
2005-10-03 Red-Database-Security
Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP
Vulnerability Reported
2005-10-03 Red-Database-Security
Cross-Site-Scripting Vulnerabilitiy in Oracle APEX NOTIFICATION_MSG
Vulnerability Reported
2005-10-03 Red-Database-Security
SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES
Vulnerability Reported
2003-08-28 Red-Database-Security
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports
Vulnerability Reported


Date first published (UTC): 2006-10-23T15:23+00:00
Date last updated (UTC): 2006-10-27T01:51+00:00