cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21126,https://securityvulnerability.io/vulnerability/CVE-2024-21126,Unauthenticated Remote Code Execution in Oracle Database Server's Clusterware,"An unauthenticated remote code execution vulnerability exists in the Oracle Database Portable Clusterware component of Oracle Database Server, specifically affecting versions 19.3 through 19.23 and 21.3 through 21.14. An attacker with network access via DNS could exploit this vulnerability to compromise the Clusterware, potentially leading to unauthorized changes and partial denial of service conditions. Although the vulnerability resides within the Clusterware, the ramifications may extend beyond it, impacting additional Oracle products.",Oracle,Database - Enterprise Edition,5.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21174,https://securityvulnerability.io/vulnerability/CVE-2024-21174,Vulnerability in Oracle Database Server Java VM Could Lead to Partial Denial of Service,"A vulnerability in the Java VM component of Oracle Database Server allows low privileged attackers to exploit network access. Required privileges include Create Session and Create Procedure, facilitating potential unauthorized actions within the database environment. Successful exploitation of this vulnerability can lead to a partial denial of service (DoS) affecting the Java VM, disrupting service availability for legitimate users.",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21184,https://securityvulnerability.io/vulnerability/CVE-2024-21184,Oracle Database RDBMS Security Vulnerability: High Privilege Takeover Risk,"A security vulnerability exists in the Oracle Database RDBMS Security component that affects Oracle Database Server versions 19.3 to 19.23. This vulnerability can be easily exploited by an attacker with high privileges, specifically someone with Execute permissions on SYS.XS_DIAG. Through network access via Oracle Net, this flaw enables the attacker to compromise the Oracle Database RDBMS Security system. Successful exploitation of this vulnerability may lead to a complete takeover of the affected security components, highlighting significant concerns over database integrity and confidentiality.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21123,https://securityvulnerability.io/vulnerability/CVE-2024-21123,Database Integrity Vulnerability in Oracle Database Server,"A vulnerability in the Oracle Database Core component poses a risk for systems executing Oracle Database Server versions 19.3 to 19.23. This issue can be exploited by an attacker with SYSDBA privilege, enabling them to gain unauthorized access to the data within the Oracle Database Core. A successful exploit can lead to unauthorized operations such as updating, inserting, or deleting critical data. This scenario highlights the importance of securing database environments and restricting access based on the principles of least privilege. For further information, see the Oracle Advisory.",Oracle,Database - Enterprise Edition,2.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21058,https://securityvulnerability.io/vulnerability/CVE-2024-21058,Vulnerability in Unified Audit Component of Oracle Database Server,"This vulnerability exists in the Unified Audit component of Oracle Database Server, affecting supported versions 19.3 to 19.22 and 21.3 to 21.13. A high-privileged attacker with SYSDBA access via Oracle Net can exploit this vulnerability to compromise Unified Audit functionality. Such exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing a significant risk to the integrity and confidentiality of accessible data.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21066,https://securityvulnerability.io/vulnerability/CVE-2024-21066,Vulnerability in Oracle Database Server RDBMS Component,"A vulnerability exists in the RDBMS component of Oracle Database Server that allows an attacker with authenticated user privileges to compromise the RDBMS. The successful exploitation of this vulnerability necessitates human interaction from an unsuspecting user. Once compromised, an attacker could gain unauthorized access to sensitive data, potentially leading to complete access to all data accessible through the RDBMS. Supported versions affected include those within the 19.3 to 19.22 range and 21.3 to 21.13. For more details, refer to Oracle's advisory.",Oracle,Database - Enterprise Edition,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20903,https://securityvulnerability.io/vulnerability/CVE-2024-20903,Vulnerability in Java VM Component Could Lead to Unauthorized Data Access,"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.21 and  21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2023-22073,https://securityvulnerability.io/vulnerability/CVE-2023-22073,Unauthenticated Access Vulnerability in Oracle Notification Server Component of Oracle Database,A vulnerability exists in the Oracle Notification Server component of Oracle Database Server that allows unauthenticated attackers with access to the physical communication segment to compromise the server. This vulnerability can lead to unauthorized read access to certain data within the Oracle Notification Server. The affected versions of Oracle Database Server include those from 19.3 to 19.20 and 21.3 to 21.11. Organizations are urged to assess their deployment and apply necessary security measures to mitigate potential data breaches.,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22077,https://securityvulnerability.io/vulnerability/CVE-2023-22077,Vulnerability in Oracle Database Recovery Manager Affects Oracle Database Server,"The vulnerability in Oracle Database Recovery Manager poses a significant risk, enabling an attacker with DBA privileges and network access via Oracle Net to exploit the system. This exploitation could lead to unauthorized operations, including causing the Recovery Manager to hang or repeatedly crash, resulting in denial of service. Affected versions of the Oracle Database Server, specifically from 19.3 to 19.20 and 21.3 to 21.11, require urgent attention to mitigate these risks.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22074,https://securityvulnerability.io/vulnerability/CVE-2023-22074,Vulnerability in Oracle Database Sharding Component of Oracle Database Server,"This vulnerability exists in the Oracle Database Sharding component, allowing high-privileged attackers with 'Create Session' and 'Select Any Dictionary' privileges to exploit the system with network access through Oracle Net. Successful exploitation requires interaction from an unauthorized user, potentially leading to partial denial of service, thereby impacting the availability of the Oracle Database Sharding component. Specific versions impacted include 19.3 to 19.20 and 21.3 to 21.11.",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,,false,false,true,2023-10-25T15:26:17.000Z,true,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22096,https://securityvulnerability.io/vulnerability/CVE-2023-22096,Java VM Vulnerability in Oracle Database Server,"An easily exploitable Java VM vulnerability in Oracle Database Server allows a low-privileged attacker with specific privileges and network access to potentially manipulate Java VM accessible data. By leveraging this vulnerability, unauthorized updates, insertions, or deletions of data can occur, raising significant integrity concerns. It is crucial for organizations using affected versions to apply relevant security patches and tighten access controls.",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22075,https://securityvulnerability.io/vulnerability/CVE-2023-22075,Exploitable Vulnerability in Oracle Database Sharding Component by Oracle Corporation,"An exploitable vulnerability exists within the Oracle Database Sharding component of the Oracle Database Server. This vulnerability affects various versions and can be exploited by high-privileged attackers with specific privileges, including 'Create Session' and 'Select Any Table'. Attackers must have network access and require human interaction from a user other than the attacker to successfully exploit this vulnerability. Successful exploitation can lead to unauthorized actions resulting in potential partial denial of service for the affected Oracle Database Sharding component.",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22052,https://securityvulnerability.io/vulnerability/CVE-2023-22052,Java VM Vulnerability in Oracle Database Server,"This vulnerability resides in the Java VM component of Oracle Database Server, allowing an attacker with low privileges—specifically the Create Session and Create Procedure rights—to potentially exploit the system. By gaining network access through various protocols, an attacker could manipulate data within the Java VM, leading to unauthorized modifications such as updates, insertions, or deletions. The affected versions span Oracle Database Server 19.3 to 19.19 and 21.3 to 21.10, highlighting the importance for users to apply the latest security updates to mitigate risks.",Oracle,Database - Enterprise Edition,3.1,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22034,https://securityvulnerability.io/vulnerability/CVE-2023-22034,Unauthorized Data Manipulation in Oracle Database Server's Unified Audit Component,"This vulnerability in the Unified Audit component of Oracle Database Server allows a high-privileged attacker with SYSDBA access to potentially compromise the integrity of audit records. With network access via Oracle Net, threats can lead to unauthorized creation, deletion, or modification of critical audit data. The vulnerability affects specific versions of the database server, making it essential for organizations to implement necessary security measures to protect sensitive data from exploitation.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21934,https://securityvulnerability.io/vulnerability/CVE-2023-21934,Java VM Vulnerability in Oracle Database Server Affects Multiple Versions,"A vulnerability exists in the Java VM component of Oracle Database Server that affects versions 19c and 21c. It can be exploited by an attacker with User Account privilege who has network access via TLS. Exploitation enables the attacker to perform unauthorized actions, including the creation, deletion, or modification of critical data accessible through the Java VM. The vulnerability poses significant risks, as it could lead to unauthorized access to sensitive information and compromise the integrity and confidentiality of data managed by the Java VM.",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2023-21918,https://securityvulnerability.io/vulnerability/CVE-2023-21918,Vulnerability in Oracle Database Recovery Manager Affects Oracle Database Server,"A vulnerability exists in the Oracle Database Recovery Manager component of Oracle Database Server, which impacts versions 19c and 21c. This vulnerability is exploitable by attackers with Local SYSDBA privileges who have network access through Oracle Net. Successful exploitation can lead to unauthorized control over the Oracle Database Recovery Manager, potentially resulting in significant disruptions such as performance hangs or frequent crashes, thereby causing denial of service. Furthermore, while the vulnerability is focused on the Recovery Manager, its impact may extend to other components of the Oracle database ecosystem. Mitigation is recommended to prevent possible exploitation.",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0
CVE-2022-39429,https://securityvulnerability.io/vulnerability/CVE-2022-39429,Java VM Vulnerability in Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server that could be exploited by a low privileged attacker with the Create Procedure privilege. This vulnerability grants access through Oracle Net, enabling the attacker to compromise Java VM functionality. Successful exploitation may lead to unauthorized operations, resulting in a partial denial of service affecting the Java VM component. Supported versions affected by this issue include Oracle Database Server 19c and 21c.",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2023-21829,https://securityvulnerability.io/vulnerability/CVE-2023-21829,Vulnerability in Oracle Database RDBMS Security Component Affecting Oracle Database Server,"A vulnerability exists in the RDBMS Security component of Oracle Database Server that could allow a low-privileged attacker with Create Session privilege to compromise the security of the database. Exploitation requires the attacker to manipulate the targeted environment, necessitating human interaction from a third party. This issue may lead to unauthorized actions including creation, modification, or deletion of sensitive data within Oracle Database RDBMS Security, as well as unauthorized read access to certain accessible data.",Oracle,Database - Enterprise Edition,6.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2023-21827,https://securityvulnerability.io/vulnerability/CVE-2023-21827,Vulnerability in Oracle Database Data Redaction Component,"A vulnerability has been identified in the Oracle Database Data Redaction component, which impacts versions 19c and 21c of the Oracle Database Server. This vulnerability can be exploited by a low privileged attacker with network access and Create Session privileges via Oracle Net. Successful exploitation enables unauthorized read access to sensitive data within the database's data redaction framework, potentially exposing confidential information.",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-01-18T00:15:00.000Z,0
CVE-2022-21596,https://securityvulnerability.io/vulnerability/CVE-2022-21596,Database Server Vulnerability in Oracle's Advanced Queuing Component,"A vulnerability exists within the Advanced Queuing component of Oracle Database Server that allows attackers with DBA user privileges and network access through Oracle Net to potentially compromise the system. Successful exploitation may enable attackers to take control of the Oracle Database - Advanced Queuing, impacting the confidentiality, integrity, and availability of the service. The vulnerability highlights the importance of securing database configurations and monitoring access to mitigate risks associated with privileged user accounts.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-39419,https://securityvulnerability.io/vulnerability/CVE-2022-39419,Java VM Vulnerability in Oracle Database Server Affecting Multiple Versions,"This vulnerability impacts the Java VM component of Oracle Database Server, specifically affecting the 19c and 21c versions. It enables a low privileged attacker with 'Create Procedure' privileges, who has network access via Oracle Net, to compromise Java VM. Exploiting this vulnerability could allow unauthorized read access to certain data accessible through Java VM, posing a risk to data confidentiality.",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21603,https://securityvulnerability.io/vulnerability/CVE-2022-21603,Oracle Database Sharding Vulnerability Exposes Critical Data,"A vulnerability exists in the Sharding component of Oracle Database Server, specifically impacting versions 19c and 21c. This security flaw allows an attacker with high privileges and Local Logon access to exploit the system. Successful exploitation could lead to unauthorized takeover of the Oracle Database Sharding feature, posing significant risks to data confidentiality, integrity, and availability. Organizations using affected versions should take immediate action to secure their database environments.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-21565,https://securityvulnerability.io/vulnerability/CVE-2022-21565,Java VM Vulnerability in Oracle Database Server,"A vulnerability exists within the Java VM component of Oracle Database Server that can be exploited by low-privileged attackers who possess Create Procedure privileges. With network access through Oracle Net, these attackers could gain unauthorized control over the Java VM, potentially allowing them to create, delete, or modify critical data accessible via the VM. This risk highlights the importance of proper privilege management and timely patching to safeguard sensitive data and maintain database integrity.",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:08:08.000Z,0
CVE-2022-21511,https://securityvulnerability.io/vulnerability/CVE-2022-21511,Vulnerability in Oracle Database - Enterprise Edition Recovery Component,"A high-privilege vulnerability exists in the Oracle Database - Enterprise Edition Recovery component. An attacker with the EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege can exploit this flaw through network access via Oracle Net. Successfully exploiting this vulnerability can lead to a complete compromise of the database recovery capabilities, allowing unauthorized access and control over the affected database system.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:45.000Z,0
CVE-2022-21510,https://securityvulnerability.io/vulnerability/CVE-2022-21510,Local Privilege Escalation in Oracle Database - Enterprise Edition Sharding,"A vulnerability exists in the Sharding component of Oracle Database - Enterprise Edition, which could be exploited by an attacker with low privileges who has local login access to the infrastructure where the database is executed. This flaw allows exploitation, potentially leading to the compromise of Sharding functionality. While the direct impact is on Oracle Database - Enterprise Edition Sharding, successful attacks may have broader implications for other interconnected Oracle systems.",Oracle,Database - Enterprise Edition,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-07-19T21:06:43.000Z,0