Oracle Database Server vulnerabilities

CVE-2006-5333 [HIGH] CVE-2006-5333: Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger f

CVE-2006-3701 [CRITICAL] CVE-2006-3701: Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0 Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.

CVE-2006-3702 [CRITICAL] CVE-2006-3702: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10. Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC

CVE-2006-3700 [CRITICAL] CVE-2006-3700: Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.

CVE-2006-3699 [CRITICAL] CVE-2006-3699: Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unk Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

CVE-2006-3698 [CRITICAL] CVE-2006-3698: Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vect Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SY

CVE-2006-3705 [CRITICAL] CVE-2006-3705: Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vect Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL

CVE-2006-3703 [CRITICAL] CVE-2006-3703: Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unkno Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.

CVE-2006-3704 [CRITICAL] CVE-2006-3704: Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4.

CVE-2006-2505 [LOW] CVE-2006-2505: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a refer Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

CVE-2006-1866 [CRITICAL] CVE-2006-1866: Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they

CVE-2006-1875 [CRITICAL] CVE-2006-1875: Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impac Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS.

CVE-2006-1873 [CRITICAL] CVE-2006-1873: Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impa Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08.

CVE-2006-1876 [CRITICAL] CVE-2006-1876: Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and atta Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GE

CVE-2006-1870 [CRITICAL] CVE-2006-1870: Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0. Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the same issue as CVE-2006-2081.

CVE-2006-1869 [CRITICAL] CVE-2006-1869: Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attac Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04.

CVE-2006-1867 [CRITICAL] CVE-2006-1867: Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02.

CVE-2006-1884 [CRITICAL] CVE-2006-1884: Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business S Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01.

CVE-2006-1872 [HIGH] CVE-2006-1872: Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attac Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.

CVE-2006-1877 [HIGH] CVE-2006-1877: Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13.