cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21553,https://securityvulnerability.io/vulnerability/CVE-2025-21553,Vulnerability in Java VM of Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server allowing a low-privileged attacker with specific privileges to exploit it. This vulnerability can enable unauthorized updates, insertions, or deletions of Java VM accessible data, as well as unauthorized reading of certain data. Affected versions include Oracle Database Server 19.3 to 19.25, 21.3 to 21.16, and 23.4 to 23.6. The vulnerability can be exploited over the network via Oracle Net, highlighting the need for immediate attention from users of affected versions to safeguard their data.",Oracle,Oracle Database Server,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:17.298Z,0
CVE-2024-21251,https://securityvulnerability.io/vulnerability/CVE-2024-21251,Vulnerability in Java VM Component Could Allow Privilege Escalation,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.24, 21.3-21.15 and  23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Oracle Database Server,3.1,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:51.702Z,0
CVE-2024-21242,https://securityvulnerability.io/vulnerability/CVE-2024-21242,xml database vulnerability,"Vulnerability in the XML Database component of Oracle Database Server.  Supported versions that are affected are 19.3-19.24, 21.3-21.15 and  23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",Oracle,Oracle Database Server,3.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T19:52:48.993Z,0
CVE-2024-21233,https://securityvulnerability.io/vulnerability/CVE-2024-21233,Vulnerability in Oracle Database Server Core Component,"A vulnerability in the Oracle Database Server's core component allows an attacker with low privileges and network access to exploit the system. The flaw enables unauthorized updates, inserts, or deletions of accessible data, thereby compromising data integrity. Supported versions affected include 19.3 to 19.24, 21.3 to 21.15, and 23.4 to 23.5. Users are advised to apply necessary security patches to mitigate the risk.",Oracle,Oracle Database Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:46.224Z,0
CVE-2024-21126,https://securityvulnerability.io/vulnerability/CVE-2024-21126,Unauthenticated Remote Code Execution in Oracle Database Server's Clusterware,"An unauthenticated remote code execution vulnerability exists in the Oracle Database Portable Clusterware component of Oracle Database Server, specifically affecting versions 19.3 through 19.23 and 21.3 through 21.14. An attacker with network access via DNS could exploit this vulnerability to compromise the Clusterware, potentially leading to unauthorized changes and partial denial of service conditions. Although the vulnerability resides within the Clusterware, the ramifications may extend beyond it, impacting additional Oracle products.",Oracle,Database - Enterprise Edition,5.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21123,https://securityvulnerability.io/vulnerability/CVE-2024-21123,Database Integrity Vulnerability in Oracle Database Server,"A vulnerability in the Oracle Database Core component poses a risk for systems executing Oracle Database Server versions 19.3 to 19.23. This issue can be exploited by an attacker with SYSDBA privilege, enabling them to gain unauthorized access to the data within the Oracle Database Core. A successful exploit can lead to unauthorized operations such as updating, inserting, or deleting critical data. This scenario highlights the importance of securing database environments and restricting access based on the principles of least privilege. For further information, see the Oracle Advisory.",Oracle,Database - Enterprise Edition,2.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21184,https://securityvulnerability.io/vulnerability/CVE-2024-21184,Oracle Database RDBMS Security Vulnerability: High Privilege Takeover Risk,"A security vulnerability exists in the Oracle Database RDBMS Security component that affects Oracle Database Server versions 19.3 to 19.23. This vulnerability can be easily exploited by an attacker with high privileges, specifically someone with Execute permissions on SYS.XS_DIAG. Through network access via Oracle Net, this flaw enables the attacker to compromise the Oracle Database RDBMS Security system. Successful exploitation of this vulnerability may lead to a complete takeover of the affected security components, highlighting significant concerns over database integrity and confidentiality.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21174,https://securityvulnerability.io/vulnerability/CVE-2024-21174,Vulnerability in Oracle Database Server Java VM Could Lead to Partial Denial of Service,"A vulnerability in the Java VM component of Oracle Database Server allows low privileged attackers to exploit network access. Required privileges include Create Session and Create Procedure, facilitating potential unauthorized actions within the database environment. Successful exploitation of this vulnerability can lead to a partial denial of service (DoS) affecting the Java VM, disrupting service availability for legitimate users.",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-20995,https://securityvulnerability.io/vulnerability/CVE-2024-20995,Vulnerability in Oracle Database Sharding Component,"The Oracle Database Sharding component of Oracle Database Server contains an exploitable vulnerability that allows an attacker with DBA privileges and network access via Oracle Net to compromise the database. While successful exploitation requires human interaction from a different individual, the result can lead to unauthorized actions causing a partial denial of service on the Oracle Database Sharding. This vulnerability affects specific versions of the Oracle Database, including 19.3 to 19.22 and 21.3 to 21.13, making it critical for organizations to address this security concern promptly.",Oracle,Database Server,2.4,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21066,https://securityvulnerability.io/vulnerability/CVE-2024-21066,Vulnerability in Oracle Database Server RDBMS Component,"A vulnerability exists in the RDBMS component of Oracle Database Server that allows an attacker with authenticated user privileges to compromise the RDBMS. The successful exploitation of this vulnerability necessitates human interaction from an unsuspecting user. Once compromised, an attacker could gain unauthorized access to sensitive data, potentially leading to complete access to all data accessible through the RDBMS. Supported versions affected include those within the 19.3 to 19.22 range and 21.3 to 21.13. For more details, refer to Oracle's advisory.",Oracle,Database - Enterprise Edition,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21058,https://securityvulnerability.io/vulnerability/CVE-2024-21058,Vulnerability in Unified Audit Component of Oracle Database Server,"This vulnerability exists in the Unified Audit component of Oracle Database Server, affecting supported versions 19.3 to 19.22 and 21.3 to 21.13. A high-privileged attacker with SYSDBA access via Oracle Net can exploit this vulnerability to compromise Unified Audit functionality. Such exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing a significant risk to the integrity and confidentiality of accessible data.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20911,https://securityvulnerability.io/vulnerability/CVE-2024-20911,Oracle Audit Vault and Database Firewall Vulnerability Could Lead to Unauthorized Data Access,"Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall).  Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).",Oracle,Audit Vault And Database Firewall,2.6,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2024-20903,https://securityvulnerability.io/vulnerability/CVE-2024-20903,Vulnerability in Java VM Component Could Lead to Unauthorized Data Access,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.21 and  21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2024-20909,https://securityvulnerability.io/vulnerability/CVE-2024-20909,Unauthenticated Network Access Vulnerability in Oracle Audit Vault and Database Firewall,"A significant security vulnerability has been identified in Oracle Audit Vault and Database Firewall, specifically impacting versions 20.1 to 20.9. This issue allows an unauthenticated attacker with network access through Oracle Net to exploit the system, leading to unauthorized actions such as the creation, deletion, or modification of sensitive data. The unaddressed access can severely compromise the integrity of the data managed by the Oracle Audit Vault and Database Firewall, posing a noteworthy risk to data security. Organizations utilizing these versions are advised to review their configurations and apply necessary security measures as detailed in the Oracle Advisory.",Oracle,Audit Vault And Database Firewall,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2024-20924,https://securityvulnerability.io/vulnerability/CVE-2024-20924,Vulnerability in Oracle Database Firewall Affects Oracle's Security Solutions,"A vulnerability exists in Oracle's Audit Vault and Database Firewall that can be potentially exploited by high privileged attackers who have network access through Oracle Net. This vulnerability poses a significant risk as it may affect not only the Oracle Audit Vault and Database Firewall itself but also extend its impact to additional products. Successful exploitation requires human interaction from an individual other than the attacker, making it less straightforward yet still concerning. Given the nature of this vulnerability, attackers could potentially take over the Oracle Audit Vault and Database Firewall, leading to substantial confidentiality, integrity, and availability concerns for organizations relying on these security solutions.",Oracle,Audit Vault and Database Firewall,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:41:15.905Z,0
CVE-2024-20912,https://securityvulnerability.io/vulnerability/CVE-2024-20912,Vulnerability in Oracle Audit Vault and Database Firewall - Oracle,"A vulnerability has been identified in Oracle Audit Vault and Database Firewall, affecting versions 20.1 through 20.9. This flaw allows an attacker with high privileges and network access via Oracle Net to compromise the system's functionality. Exploiting this vulnerability can lead to unauthorized modifications, such as updates, insertions, or deletions of data accessible within the Oracle Audit Vault and Database Firewall. The integrity of data may be at risk as a result of successful exploitation.",Oracle,Audit Vault and Database Firewall,2.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:41:14.033Z,0
CVE-2024-20910,https://securityvulnerability.io/vulnerability/CVE-2024-20910,Oracle Audit Vault and Database Firewall Vulnerability,"A vulnerability exists in Oracle Audit Vault and Database Firewall that could allow a high privileged attacker with network access via Oracle Net to compromise the system. This vulnerability could lead to unauthorized read access to sensitive data within Oracle Audit Vault and Database Firewall. While primarily associated with this product, successful exploitation may have repercussions across additional products due to the interconnected nature of database systems. It is critical for organizations utilizing affected versions to assess their security posture and implement appropriate mitigations to safeguard against potential attacks.",Oracle,Audit Vault And Database Firewall,3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:41:13.662Z,0
CVE-2023-22074,https://securityvulnerability.io/vulnerability/CVE-2023-22074,Vulnerability in Oracle Database Sharding Component of Oracle Database Server,"This vulnerability exists in the Oracle Database Sharding component, allowing high-privileged attackers with 'Create Session' and 'Select Any Dictionary' privileges to exploit the system with network access through Oracle Net. Successful exploitation requires interaction from an unauthorized user, potentially leading to partial denial of service, thereby impacting the availability of the Oracle Database Sharding component. Specific versions impacted include 19.3 to 19.20 and 21.3 to 21.11.",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,,false,false,true,2023-10-25T15:26:17.000Z,true,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22077,https://securityvulnerability.io/vulnerability/CVE-2023-22077,Vulnerability in Oracle Database Recovery Manager Affects Oracle Database Server,"The vulnerability in Oracle Database Recovery Manager poses a significant risk, enabling an attacker with DBA privileges and network access via Oracle Net to exploit the system. This exploitation could lead to unauthorized operations, including causing the Recovery Manager to hang or repeatedly crash, resulting in denial of service. Affected versions of the Oracle Database Server, specifically from 19.3 to 19.20 and 21.3 to 21.11, require urgent attention to mitigate these risks.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22096,https://securityvulnerability.io/vulnerability/CVE-2023-22096,Java VM Vulnerability in Oracle Database Server,"An easily exploitable Java VM vulnerability in Oracle Database Server allows a low-privileged attacker with specific privileges and network access to potentially manipulate Java VM accessible data. By leveraging this vulnerability, unauthorized updates, insertions, or deletions of data can occur, raising significant integrity concerns. It is crucial for organizations using affected versions to apply relevant security patches and tighten access controls.",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22073,https://securityvulnerability.io/vulnerability/CVE-2023-22073,Unauthenticated Access Vulnerability in Oracle Notification Server Component of Oracle Database,A vulnerability exists in the Oracle Notification Server component of Oracle Database Server that allows unauthenticated attackers with access to the physical communication segment to compromise the server. This vulnerability can lead to unauthorized read access to certain data within the Oracle Notification Server. The affected versions of Oracle Database Server include those from 19.3 to 19.20 and 21.3 to 21.11. Organizations are urged to assess their deployment and apply necessary security measures to mitigate potential data breaches.,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22075,https://securityvulnerability.io/vulnerability/CVE-2023-22075,Exploitable Vulnerability in Oracle Database Sharding Component by Oracle Corporation,"An exploitable vulnerability exists within the Oracle Database Sharding component of the Oracle Database Server. This vulnerability affects various versions and can be exploited by high-privileged attackers with specific privileges, including 'Create Session' and 'Select Any Table'. Attackers must have network access and require human interaction from a user other than the attacker to successfully exploit this vulnerability. Successful exploitation can lead to unauthorized actions resulting in potential partial denial of service for the affected Oracle Database Sharding component.",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22052,https://securityvulnerability.io/vulnerability/CVE-2023-22052,Java VM Vulnerability in Oracle Database Server,"This vulnerability resides in the Java VM component of Oracle Database Server, allowing an attacker with low privileges—specifically the Create Session and Create Procedure rights—to potentially exploit the system. By gaining network access through various protocols, an attacker could manipulate data within the Java VM, leading to unauthorized modifications such as updates, insertions, or deletions. The affected versions span Oracle Database Server 19.3 to 19.19 and 21.3 to 21.10, highlighting the importance for users to apply the latest security updates to mitigate risks.",Oracle,Database - Enterprise Edition,3.1,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22034,https://securityvulnerability.io/vulnerability/CVE-2023-22034,Unauthorized Data Manipulation in Oracle Database Server's Unified Audit Component,"This vulnerability in the Unified Audit component of Oracle Database Server allows a high-privileged attacker with SYSDBA access to potentially compromise the integrity of audit records. With network access via Oracle Net, threats can lead to unauthorized creation, deletion, or modification of critical audit data. The vulnerability affects specific versions of the database server, making it essential for organizations to implement necessary security measures to protect sensitive data from exploitation.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21918,https://securityvulnerability.io/vulnerability/CVE-2023-21918,Vulnerability in Oracle Database Recovery Manager Affects Oracle Database Server,"A vulnerability exists in the Oracle Database Recovery Manager component of Oracle Database Server, which impacts versions 19c and 21c. This vulnerability is exploitable by attackers with Local SYSDBA privileges who have network access through Oracle Net. Successful exploitation can lead to unauthorized control over the Oracle Database Recovery Manager, potentially resulting in significant disruptions such as performance hangs or frequent crashes, thereby causing denial of service. Furthermore, while the vulnerability is focused on the Recovery Manager, its impact may extend to other components of the Oracle database ecosystem. Mitigation is recommended to prevent possible exploitation.",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0