cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-21126,https://securityvulnerability.io/vulnerability/CVE-2024-21126,Unauthenticated Remote Code Execution in Oracle Database Server's Clusterware,"An unauthenticated remote code execution vulnerability exists in the Oracle Database Portable Clusterware component of Oracle Database Server, specifically affecting versions 19.3 through 19.23 and 21.3 through 21.14. An attacker with network access via DNS could exploit this vulnerability to compromise the Clusterware, potentially leading to unauthorized changes and partial denial of service conditions. Although the vulnerability resides within the Clusterware, the ramifications may extend beyond it, impacting additional Oracle products.",Oracle,Database - Enterprise Edition,5.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0 CVE-2024-21184,https://securityvulnerability.io/vulnerability/CVE-2024-21184,Oracle Database RDBMS Security Vulnerability: High Privilege Takeover Risk,"A security vulnerability exists in the Oracle Database RDBMS Security component that affects Oracle Database Server versions 19.3 to 19.23. This vulnerability can be easily exploited by an attacker with high privileges, specifically someone with Execute permissions on SYS.XS_DIAG. Through network access via Oracle Net, this flaw enables the attacker to compromise the Oracle Database RDBMS Security system. Successful exploitation of this vulnerability may lead to a complete takeover of the affected security components, highlighting significant concerns over database integrity and confidentiality.",Oracle,Database - Enterprise Edition,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0 CVE-2024-21123,https://securityvulnerability.io/vulnerability/CVE-2024-21123,Database Integrity Vulnerability in Oracle Database Server,"A vulnerability in the Oracle Database Core component poses a risk for systems executing Oracle Database Server versions 19.3 to 19.23. This issue can be exploited by an attacker with SYSDBA privilege, enabling them to gain unauthorized access to the data within the Oracle Database Core. A successful exploit can lead to unauthorized operations such as updating, inserting, or deleting critical data. This scenario highlights the importance of securing database environments and restricting access based on the principles of least privilege. For further information, see the Oracle Advisory.",Oracle,Database - Enterprise Edition,2.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0 CVE-2024-21174,https://securityvulnerability.io/vulnerability/CVE-2024-21174,Vulnerability in Oracle Database Server Java VM Could Lead to Partial Denial of Service,"A vulnerability in the Java VM component of Oracle Database Server allows low privileged attackers to exploit network access. Required privileges include Create Session and Create Procedure, facilitating potential unauthorized actions within the database environment. Successful exploitation of this vulnerability can lead to a partial denial of service (DoS) affecting the Java VM, disrupting service availability for legitimate users.",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-16T23:15:00.000Z,0 CVE-2024-21066,https://securityvulnerability.io/vulnerability/CVE-2024-21066,Vulnerability in Oracle Database Server RDBMS Component,"A vulnerability exists in the RDBMS component of Oracle Database Server that allows an attacker with authenticated user privileges to compromise the RDBMS. The successful exploitation of this vulnerability necessitates human interaction from an unsuspecting user. Once compromised, an attacker could gain unauthorized access to sensitive data, potentially leading to complete access to all data accessible through the RDBMS. Supported versions affected include those within the 19.3 to 19.22 range and 21.3 to 21.13. For more details, refer to Oracle's advisory.",Oracle,Database - Enterprise Edition,4.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0 CVE-2024-21058,https://securityvulnerability.io/vulnerability/CVE-2024-21058,Vulnerability in Unified Audit Component of Oracle Database Server,"This vulnerability exists in the Unified Audit component of Oracle Database Server, affecting supported versions 19.3 to 19.22 and 21.3 to 21.13. A high-privileged attacker with SYSDBA access via Oracle Net can exploit this vulnerability to compromise Unified Audit functionality. Such exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing a significant risk to the integrity and confidentiality of accessible data.",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0 CVE-2024-20903,https://securityvulnerability.io/vulnerability/CVE-2024-20903,Vulnerability in Java VM Component Could Lead to Unauthorized Data Access,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T02:15:00.000Z,0 CVE-2023-22073,https://securityvulnerability.io/vulnerability/CVE-2023-22073,,Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0 CVE-2023-22074,https://securityvulnerability.io/vulnerability/CVE-2023-22074,,"Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,false,false,true,true,false,false,2023-10-17T22:15:00.000Z,0 CVE-2023-22077,https://securityvulnerability.io/vulnerability/CVE-2023-22077,,Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).,Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0 CVE-2023-22096,https://securityvulnerability.io/vulnerability/CVE-2023-22096,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0 CVE-2023-22075,https://securityvulnerability.io/vulnerability/CVE-2023-22075,,"Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).",Oracle,Database - Enterprise Edition,2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0 CVE-2023-22034,https://securityvulnerability.io/vulnerability/CVE-2023-22034,,"Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0 CVE-2023-22052,https://securityvulnerability.io/vulnerability/CVE-2023-22052,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Database - Enterprise Edition,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2023-07-18T21:15:00.000Z,0 CVE-2023-21934,https://securityvulnerability.io/vulnerability/CVE-2023-21934,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0 CVE-2023-21918,https://securityvulnerability.io/vulnerability/CVE-2023-21918,,"Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).",Oracle,Database - Enterprise Edition,6.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-04-18T20:15:00.000Z,0 CVE-2023-21827,https://securityvulnerability.io/vulnerability/CVE-2023-21827,,Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0 CVE-2022-39429,https://securityvulnerability.io/vulnerability/CVE-2022-39429,,Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0 CVE-2023-21829,https://securityvulnerability.io/vulnerability/CVE-2023-21829,,"Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).",Oracle,Database - Enterprise Edition,6.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-01-18T00:15:00.000Z,0 CVE-2022-39419,https://securityvulnerability.io/vulnerability/CVE-2022-39419,,Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,Oracle,Database - Enterprise Edition,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0 CVE-2022-21603,https://securityvulnerability.io/vulnerability/CVE-2022-21603,,"Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0 CVE-2022-21596,https://securityvulnerability.io/vulnerability/CVE-2022-21596,,"Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0 CVE-2022-21565,https://securityvulnerability.io/vulnerability/CVE-2022-21565,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).",Oracle,Database - Enterprise Edition,6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:08:08.000Z,0 CVE-2022-21511,https://securityvulnerability.io/vulnerability/CVE-2022-21511,,"Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",Oracle,Database - Enterprise Edition,7.2,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:06:45.000Z,0 CVE-2022-21510,https://securityvulnerability.io/vulnerability/CVE-2022-21510,,"Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",Oracle,Database - Enterprise Edition,8.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-07-19T21:06:43.000Z,0