cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21251,https://securityvulnerability.io/vulnerability/CVE-2024-21251,Vulnerability in Java VM Component Could Allow Privilege Escalation,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.24, 21.3-21.15 and  23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Oracle Database Server,3.1,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:51.702Z,0
CVE-2024-21242,https://securityvulnerability.io/vulnerability/CVE-2024-21242,xml database vulnerability,"Vulnerability in the XML Database component of Oracle Database Server.  Supported versions that are affected are 19.3-19.24, 21.3-21.15 and  23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",Oracle,Oracle Database Server,3.5,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-10-15T19:52:48.993Z,0
CVE-2024-21233,https://securityvulnerability.io/vulnerability/CVE-2024-21233,Vulnerability in Oracle Database Server Core Component,"A vulnerability in the Oracle Database Server's core component allows an attacker with low privileges and network access to exploit the system. The flaw enables unauthorized updates, inserts, or deletions of accessible data, thereby compromising data integrity. Supported versions affected include 19.3 to 19.24, 21.3 to 21.15, and 23.4 to 23.5. Users are advised to apply necessary security patches to mitigate the risk.",Oracle,Oracle Database Server,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:46.224Z,0
CVE-2024-21184,https://securityvulnerability.io/vulnerability/CVE-2024-21184,Oracle Database RDBMS Security Vulnerability: High Privilege Takeover Risk,"A security vulnerability exists in the Oracle Database RDBMS Security component that affects Oracle Database Server versions 19.3 to 19.23. This vulnerability can be easily exploited by an attacker with high privileges, specifically someone with Execute permissions on SYS.XS_DIAG. Through network access via Oracle Net, this flaw enables the attacker to compromise the Oracle Database RDBMS Security system. Successful exploitation of this vulnerability may lead to a complete takeover of the affected security components, highlighting significant concerns over database integrity and confidentiality.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21123,https://securityvulnerability.io/vulnerability/CVE-2024-21123,Database Integrity Vulnerability in Oracle Database Server,"A vulnerability in the Oracle Database Core component poses a risk for systems executing Oracle Database Server versions 19.3 to 19.23. This issue can be exploited by an attacker with SYSDBA privilege, enabling them to gain unauthorized access to the data within the Oracle Database Core. A successful exploit can lead to unauthorized operations such as updating, inserting, or deleting critical data. This scenario highlights the importance of securing database environments and restricting access based on the principles of least privilege. For further information, see the Oracle Advisory.",Oracle,Database - Enterprise Edition,2.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21126,https://securityvulnerability.io/vulnerability/CVE-2024-21126,Unauthenticated Remote Code Execution in Oracle Database Server's Clusterware,"An unauthenticated remote code execution vulnerability exists in the Oracle Database Portable Clusterware component of Oracle Database Server, specifically affecting versions 19.3 through 19.23 and 21.3 through 21.14. An attacker with network access via DNS could exploit this vulnerability to compromise the Clusterware, potentially leading to unauthorized changes and partial denial of service conditions. Although the vulnerability resides within the Clusterware, the ramifications may extend beyond it, impacting additional Oracle products.",Oracle,Database - Enterprise Edition,5.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21174,https://securityvulnerability.io/vulnerability/CVE-2024-21174,Vulnerability in Oracle Database Server Java VM Could Lead to Partial Denial of Service,"A vulnerability in the Java VM component of Oracle Database Server allows low privileged attackers to exploit network access. Required privileges include Create Session and Create Procedure, facilitating potential unauthorized actions within the database environment. Successful exploitation of this vulnerability can lead to a partial denial of service (DoS) affecting the Java VM, disrupting service availability for legitimate users.",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0
CVE-2024-21066,https://securityvulnerability.io/vulnerability/CVE-2024-21066,Vulnerability in Oracle Database Server RDBMS Component,"A vulnerability exists in the RDBMS component of Oracle Database Server that allows an attacker with authenticated user privileges to compromise the RDBMS. The successful exploitation of this vulnerability necessitates human interaction from an unsuspecting user. Once compromised, an attacker could gain unauthorized access to sensitive data, potentially leading to complete access to all data accessible through the RDBMS. Supported versions affected include those within the 19.3 to 19.22 range and 21.3 to 21.13. For more details, refer to Oracle's advisory.",Oracle,Database - Enterprise Edition,4.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-21058,https://securityvulnerability.io/vulnerability/CVE-2024-21058,Vulnerability in Unified Audit Component of Oracle Database Server,"This vulnerability exists in the Unified Audit component of Oracle Database Server, affecting supported versions 19.3 to 19.22 and 21.3 to 21.13. A high-privileged attacker with SYSDBA access via Oracle Net can exploit this vulnerability to compromise Unified Audit functionality. Such exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing a significant risk to the integrity and confidentiality of accessible data.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-20995,https://securityvulnerability.io/vulnerability/CVE-2024-20995,Vulnerability in Oracle Database Sharding Component,"The Oracle Database Sharding component of Oracle Database Server contains an exploitable vulnerability that allows an attacker with DBA privileges and network access via Oracle Net to compromise the database. While successful exploitation requires human interaction from a different individual, the result can lead to unauthorized actions causing a partial denial of service on the Oracle Database Sharding. This vulnerability affects specific versions of the Oracle Database, including 19.3 to 19.22 and 21.3 to 21.13, making it critical for organizations to address this security concern promptly.",Oracle,Database Server,2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2024-20911,https://securityvulnerability.io/vulnerability/CVE-2024-20911,Oracle Audit Vault and Database Firewall Vulnerability Could Lead to Unauthorized Data Access,"Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall).  Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).",Oracle,Audit Vault And Database Firewall,2.6,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T02:15:00.000Z,0
CVE-2024-20909,https://securityvulnerability.io/vulnerability/CVE-2024-20909,Unauthenticated Network Access Vulnerability in Oracle Audit Vault and Database Firewall,"A significant security vulnerability has been identified in Oracle Audit Vault and Database Firewall, specifically impacting versions 20.1 to 20.9. This issue allows an unauthenticated attacker with network access through Oracle Net to exploit the system, leading to unauthorized actions such as the creation, deletion, or modification of sensitive data. The unaddressed access can severely compromise the integrity of the data managed by the Oracle Audit Vault and Database Firewall, posing a noteworthy risk to data security. Organizations utilizing these versions are advised to review their configurations and apply necessary security measures as detailed in the Oracle Advisory.",Oracle,Audit Vault And Database Firewall,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T02:15:00.000Z,0
CVE-2024-20903,https://securityvulnerability.io/vulnerability/CVE-2024-20903,Vulnerability in Java VM Component Could Lead to Unauthorized Data Access,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.21 and  21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T02:15:00.000Z,0
CVE-2024-20924,https://securityvulnerability.io/vulnerability/CVE-2024-20924,Vulnerability in Oracle Database Firewall Affects Oracle's Security Solutions,"A vulnerability exists in Oracle's Audit Vault and Database Firewall that can be potentially exploited by high privileged attackers who have network access through Oracle Net. This vulnerability poses a significant risk as it may affect not only the Oracle Audit Vault and Database Firewall itself but also extend its impact to additional products. Successful exploitation requires human interaction from an individual other than the attacker, making it less straightforward yet still concerning. Given the nature of this vulnerability, attackers could potentially take over the Oracle Audit Vault and Database Firewall, leading to substantial confidentiality, integrity, and availability concerns for organizations relying on these security solutions.",Oracle,Audit Vault and Database Firewall,7.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:15.905Z,0
CVE-2024-20912,https://securityvulnerability.io/vulnerability/CVE-2024-20912,Vulnerability in Oracle Audit Vault and Database Firewall - Oracle,"A vulnerability has been identified in Oracle Audit Vault and Database Firewall, affecting versions 20.1 through 20.9. This flaw allows an attacker with high privileges and network access via Oracle Net to compromise the system's functionality. Exploiting this vulnerability can lead to unauthorized modifications, such as updates, insertions, or deletions of data accessible within the Oracle Audit Vault and Database Firewall. The integrity of data may be at risk as a result of successful exploitation.",Oracle,Audit Vault and Database Firewall,2.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:14.033Z,0
CVE-2024-20910,https://securityvulnerability.io/vulnerability/CVE-2024-20910,Oracle Audit Vault and Database Firewall Vulnerability,"A vulnerability exists in Oracle Audit Vault and Database Firewall that could allow a high privileged attacker with network access via Oracle Net to compromise the system. This vulnerability could lead to unauthorized read access to sensitive data within Oracle Audit Vault and Database Firewall. While primarily associated with this product, successful exploitation may have repercussions across additional products due to the interconnected nature of database systems. It is critical for organizations utilizing affected versions to assess their security posture and implement appropriate mitigations to safeguard against potential attacks.",Oracle,Audit Vault And Database Firewall,3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-01-16T21:41:13.662Z,0
CVE-2023-22096,https://securityvulnerability.io/vulnerability/CVE-2023-22096,,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22073,https://securityvulnerability.io/vulnerability/CVE-2023-22073,,Vulnerability in the Oracle Notification Server component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22074,https://securityvulnerability.io/vulnerability/CVE-2023-22074,,"Vulnerability in the Oracle Database Sharding component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,false,false,true,true,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22075,https://securityvulnerability.io/vulnerability/CVE-2023-22075,,"Vulnerability in the Oracle Database Sharding component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22077,https://securityvulnerability.io/vulnerability/CVE-2023-22077,,Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server.  Supported versions that are affected are 19.3-19.20 and  21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2023-22034,https://securityvulnerability.io/vulnerability/CVE-2023-22034,,"Vulnerability in the Unified Audit component of Oracle Database Server.  Supported versions that are affected are 19.3-19.19 and  21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-22052,https://securityvulnerability.io/vulnerability/CVE-2023-22052,,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.19 and  21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0
CVE-2023-21918,https://securityvulnerability.io/vulnerability/CVE-2023-21918,,"Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server.  Supported versions that are affected are 19c and  21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager.  While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0
CVE-2023-21934,https://securityvulnerability.io/vulnerability/CVE-2023-21934,,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19c and  21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as  unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0