Alexander Kornbrust Oracle Security Blog

Sans updated their Top-20 list of security risks.

One section covers Oracle and Database Software. Since September 2006 there are 18 new CVE vulnerabilities with a CVSS base score of 7 or higher.

CVE-2006-5332, CVE-2006-5333, CVE-2006-5334, CVE-2006-5335, CVE-2006-5336, CVE-2006-5339, CVE-2006-5340, CVE-2006-5341, CVE-2006-5342, CVE-2006-5343, CVE-2006-5344, CVE-2006-5345, CVE-2006-7138, CVE-2007-0272, CVE-2007-1442, CVE-2007-2113, CVE-2007-2118, CVE-2007-5506.

Some of the most critical vulnerabilities in Oracle databases like the view / inline-view bug or the bypass logon trigger are not covered in the SANS list.

BTW.: Microsoft SQL Server has only 1 vulnerability: CVE-2007-4814

This entry was posted on Mittwoch, November 28th, 2007 at 13:32 and is filed under Oracle Security, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.