CVE-2006-5340 — Oracle Database Server vulnerability

3 documents3 sources

Severity

7.1HIGHNVD

EPSS

2.1%

top 15.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedOct 18

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in …

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server5 versions+4

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8pjp-6466-7x4j: Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8↗2022-05-01

▶

CVEList

CVE-2006-5340: Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8↗2006-10-18

▶