Sans updated their Top-20 list of security risks.
One section covers Oracle and Database Software. Since September 2006 there are 18 new CVE vulnerabilities with a CVSS base score of 7 or higher.
CVE-2006-5332, CVE-2006-5333, CVE-2006-5334, CVE-2006-5335, CVE-2006-5336, CVE-2006-5339, CVE-2006-5340, CVE-2006-5341, CVE-2006-5342, CVE-2006-5343, CVE-2006-5344, CVE-2006-5345, CVE-2006-7138, CVE-2007-0272, CVE-2007-1442, CVE-2007-2113, CVE-2007-2118, CVE-2007-5506.
BTW.: Microsoft SQL Server has only 1 vulnerability: CVE-2007-4814