cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21553,https://securityvulnerability.io/vulnerability/CVE-2025-21553,Vulnerability in Java VM of Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server allowing a low-privileged attacker with specific privileges to exploit it. This vulnerability can enable unauthorized updates, insertions, or deletions of Java VM accessible data, as well as unauthorized reading of certain data. Affected versions include Oracle Database Server 19.3 to 19.25, 21.3 to 21.16, and 23.4 to 23.6. The vulnerability can be exploited over the network via Oracle Net, highlighting the need for immediate attention from users of affected versions to safeguard their data.",Oracle,Oracle Database Server,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:17.298Z,0
CVE-2024-21251,https://securityvulnerability.io/vulnerability/CVE-2024-21251,Vulnerability in Java VM Component Could Allow Privilege Escalation,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Oracle Database Server,3.1,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:51.702Z,0
CVE-2024-21242,https://securityvulnerability.io/vulnerability/CVE-2024-21242,xml database vulnerability,"Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",Oracle,Oracle Database Server,3.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-15T19:52:48.993Z,0
CVE-2024-21233,https://securityvulnerability.io/vulnerability/CVE-2024-21233,Vulnerability in Oracle Database Server Core Component,"A vulnerability in the Oracle Database Server's core component allows an attacker with low privileges and network access to exploit the system. The flaw enables unauthorized updates, inserts, or deletions of accessible data, thereby compromising data integrity. Supported versions affected include 19.3 to 19.24, 21.3 to 21.15, and 23.4 to 23.5. Users are advised to apply necessary security patches to mitigate the risk.",Oracle,Oracle Database Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:46.224Z,0
CVE-2020-2968,https://securityvulnerability.io/vulnerability/CVE-2020-2968,Java Virtual Machine Vulnerability in Oracle Database Server,"A vulnerability exists in the Java Virtual Machine component of Oracle Database Server, allowing a low privileged attacker with specific privileges to compromise the Java VM. This vulnerability, while difficult to exploit, necessitates human interaction from an individual unrelated to the attacker. If successfully exploited, the attacker may gain significant control over the Java VM, potentially affecting other interconnected products and systems, thus posing a broader security risk.",Oracle,Oracle Database,8,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2969,https://securityvulnerability.io/vulnerability/CVE-2020-2969,Data Pump Vulnerability in Oracle Database Server,"A vulnerability exists in the Data Pump component of Oracle Database Server that allows a high-privileged attacker with DBA role access to compromise the Data Pump functionality. This issue affects specific supported versions of Oracle Database Server, making it essential for administrators to implement security updates to protect against potential takeovers and unauthorized access.",Oracle,Oracle Database,6.6,MEDIUM,0.0009699999936856329,false,,false,false,true,2024-06-19T18:40:56.000Z,true,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2978,https://securityvulnerability.io/vulnerability/CVE-2020-2978,Oracle Database Server Vulnerability in Enterprise Edition,"A vulnerability in the Oracle Database - Enterprise Edition component allows attackers with DBA role privileges and network access via Oracle Net to exploit weaknesses in the system. Affected versions include 12.1.0.2, 12.2.0.1, 18c, and 19c. This flaw can lead to unauthorized updates, insertions, or deletions of sensitive data within the database, posing serious risks to data integrity and security. Awareness of this vulnerability is crucial for organizations using these versions to enhance their cybersecurity measures.",Oracle,Oracle Database,4.1,MEDIUM,0.0006000000284984708,false,,false,false,true,2020-12-18T06:56:51.000Z,true,false,false,,2020-07-15T00:00:00.000Z,0
CVE-2020-2734,https://securityvulnerability.io/vulnerability/CVE-2020-2734,RDBMS/Optimizer Vulnerability in Oracle Database Server,"A vulnerability exists within the RDBMS/Optimizer component of Oracle Database Server, which affects specific versions. This easily exploitable issue could allow an attacker with high privileges to gain unauthorized access to RDBMS/Optimizer data through network access. Although successful exploitation requires human interaction from another individual, it poses a significant risk as it can lead to unauthorized read access to sensitive data within the database.",Oracle,Oracle Database,2.4,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2737,https://securityvulnerability.io/vulnerability/CVE-2020-2737,Remote Code Execution Vulnerability in Oracle Database Server,"This vulnerability in the Core RDBMS component of Oracle Database Server allows an attacker with high privileges and network access to compromise the system. Exploitation is challenging as it requires human interaction from an individual other than the attacker. The affected versions are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, and a successful exploit can lead to the potential takeover of the Core RDBMS, posing significant risks to confidentiality, integrity, and availability.",Oracle,Oracle Database,6.4,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2735,https://securityvulnerability.io/vulnerability/CVE-2020-2735,Java Virtual Machine Vulnerability in Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server which could be exploited by a low privileged attacker who has Create Session privileges and network access via Oracle Net. This vulnerability necessitates human interaction from an individual other than the attacker to successfully execute an attack. Although the vulnerability is localized within the Java VM, it poses a risk of impacting other products significantly. If successfully exploited, the attacker could take control of the Java VM, resulting in potential breaches of confidentiality, integrity, and availability within the affected environment.",Oracle,Oracle Database,8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2731,https://securityvulnerability.io/vulnerability/CVE-2020-2731,Vulnerability in Oracle Database Server's Core RDBMS Component,"A vulnerability exists in the Core RDBMS component of Oracle Database Server, impacting versions 12.1.0.2, 12.2.0.1, 18c, and 19c. This issue enables a low-privileged attacker with Local Logon privilege to compromise the RDBMS after logging into the system. Exploitation of this vulnerability necessitates human interaction from a third party, which can lead to unauthorized updates, insertions, or deletions of accessible data within Core RDBMS. Additionally, it poses a risk of causing partial denial of service (partial DOS) to the Core RDBMS environment.",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,,false,false,false,,,false,false,,2020-01-15T16:34:09.000Z,0
CVE-2020-2637,https://securityvulnerability.io/vulnerability/CVE-2020-2637,Vulnerability in Oracle Enterprise Manager for Database Affects Multiple Versions,"An exploitable vulnerability exists in the Oracle Enterprise Manager for Database component, specifically within the Change Manager module. This issue permits high-privileged attackers with network access via HTTP to breach the security of the Enterprise Manager. Successful exploitation can lead to unauthorized access to sensitive data and the potential for unauthorized actions such as updating, inserting, or deleting records. Additionally, this vulnerability poses a risk of causing localized denial of service, effectively impacting the availability of the service.",Oracle,Enterprise Manager For Oracle Database,6,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-01-15T16:34:04.000Z,0
CVE-2020-2568,https://securityvulnerability.io/vulnerability/CVE-2020-2568,Oracle Database Server Vulnerability in Applications DBA Component,"The vulnerability in the Oracle Applications DBA component of Oracle Database Server allows an attacker with local logon privileges to exploit the system. Affected versions 12.1.0.2, 12.2.0.1, 18c, and 19c can be compromised if the attacker has access to the infrastructure where Oracle Applications DBA operates. Successful exploitation can lead to unauthorized updates, insertions, or deletions of data, as well as potential partial denial of service. Human interaction from a third party is required for successful attacks, emphasizing the need for vigilance in access control.",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,,false,false,false,,,false,false,,2020-01-15T16:34:01.000Z,0
CVE-2020-2518,https://securityvulnerability.io/vulnerability/CVE-2020-2518,Java VM Vulnerability in Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server that allows a low-privileged attacker with Create Session privilege and network access to potentially compromise the Java VM. Successful exploitation may lead to a complete takeover of the Java VM, affecting confidentiality, integrity, and availability of the impacted system. This vulnerability impacts multiple supported versions including 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Immediate action is recommended for organizations using affected versions.",Oracle,Oracle Database,7.5,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2512,https://securityvulnerability.io/vulnerability/CVE-2020-2512,Database Gateway for ODBC Vulnerability in Oracle Database Server,"A vulnerability exists in the Database Gateway for ODBC component of the Oracle Database Server, affecting specific supported versions. This issue allows an unauthenticated attacker with network access via OracleNet to exploit the Database Gateway for ODBC. Successful exploitation can lead to a denial of service, causing the gateway to hang or crash repeatedly, impacting its availability.",Oracle,Oracle Database,5.9,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2516,https://securityvulnerability.io/vulnerability/CVE-2020-2516,Database Server Core RDBMS Vulnerability in Oracle Products,"A vulnerability exists within the Core RDBMS component of Oracle Database Server that allows an attacker with elevated privileges, specifically those capable of creating materialized views or tables, to exploit the system through OracleNet. This vulnerability requires the attacker to prompt human interaction, allowing them to gain unauthorized access and manipulate Core RDBMS data, specifically enabling updates, inserts, or deletions. Such risks emphasize the importance of robust security measures in safeguarding sensitive database information.",Oracle,Oracle Database,2.4,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2511,https://securityvulnerability.io/vulnerability/CVE-2020-2511,Core RDBMS Vulnerability in Oracle Database Server,"A vulnerability exists in the Core RDBMS component of Oracle Database Server that can be easily exploited by low privileged attackers who have network access via OracleNet. This issue affects various versions including 12.1.0.2, 12.2.0.1, 18c, and 19c. Exploiting this vulnerability allows unauthorized individuals to disrupt the availability of the Core RDBMS, resulting in potential hangs or crashes that may affect additional products relying on the database. Proper security measures are essential to mitigate the risks associated with this vulnerability.",Oracle,Oracle Database,7.7,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2510,https://securityvulnerability.io/vulnerability/CVE-2020-2510,Vulnerability in Core RDBMS of Oracle Database Server,"A vulnerability exists in the Core RDBMS component of the Oracle Database Server, enabling an unauthenticated attacker with network access via OracleNet to potentially exploit the system. The exploitation requires human interaction from a third party, complicating the attack vector. Successful exploitation of this flaw can lead to a complete takeover of the Core RDBMS, significantly impacting the confidentiality, integrity, and availability of the database. Immediate patching and monitoring of the affected Oracle Database versions are crucial to safeguard organizational data.",Oracle,Oracle Database,7.5,HIGH,0.001930000027641654,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2515,https://securityvulnerability.io/vulnerability/CVE-2020-2515,Database Gateway for ODBC Vulnerability in Oracle Database Server,"A vulnerability exists in the Database Gateway for ODBC component of Oracle Database Server, impacting versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. This vulnerability could be exploited by low privileged attackers who possess Create Session privileges, allowing them to manipulate accessible data through unauthorized updates, inserts, or deletions. Additionally, they may gain unauthorized read access to specific data and potentially initiate a partial denial of service on the Database Gateway for ODBC. This presents a significant risk for data integrity and confidentiality.",Oracle,Oracle Database,5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2527,https://securityvulnerability.io/vulnerability/CVE-2020-2527,Database Server Vulnerability in Oracle's Core RDBMS Component,"This vulnerability exists within the Core RDBMS component of Oracle Database Server, where a high-privileged attacker able to use Create Index and Create Table privileges, with network access through OracleNet, can exploit the weakness. Such an exploitation can lead to unauthorized read access to sensitive data within the RDBMS. The impact of attacks extends beyond the Core RDBMS, potentially affecting various interconnected products. Users should implement appropriate security measures to mitigate potential risks associated with this vulnerability.",Oracle,Oracle Database,4.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2020-2517,https://securityvulnerability.io/vulnerability/CVE-2020-2517,Vulnerability in Oracle Database Gateway for ODBC Component,"A vulnerability exists in the Database Gateway for ODBC component of Oracle Database Server which can be exploited by an attacker with high privileges, particularly those with Create Procedure and Create Database Link privileges. The attacker must possess network access via OracleNet to target the Database Gateway for ODBC. Successful exploitation may lead to unauthorized updates, inserts, or deletions of accessible data within this component, as well as the potential to partially disrupt services, leading to a partial denial of service situation. The affected versions include 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Organizations using these versions should take necessary precautions to mitigate risks associated with this vulnerability.",Oracle,Oracle Database,3.3,LOW,0.0005799999926239252,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2019-2956,https://securityvulnerability.io/vulnerability/CVE-2019-2956,Vulnerability in Core RDBMS of Oracle Database Server,"A vulnerability exists in the Core RDBMS component of Oracle Database Server, specifically within jackson-databind. This flaw affects versions 12.1.0.2, 12.2.0.1, 18c, and 19c. It can be exploited by an attacker with low privileges who possesses the Create Session privilege and has network access through various protocols. Successful exploitation can lead to unauthorized manipulation that may result in the database process hanging or repeatedly crashing, leading to a denial-of-service condition. Attacks require interaction from a user other than the attacker, thus posing a unique risk.",Oracle,Oracle Database,5.7,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2019-10-16T17:40:56.000Z,0
CVE-2019-2955,https://securityvulnerability.io/vulnerability/CVE-2019-2955,RDBMS Vulnerability in Oracle Database Server Software,"A vulnerability in Oracle's Core RDBMS component allows low privileged attackers with Local Logon rights to exploit the system. While this attack requires user interaction from a third party, successful exploitation can enable unauthorized updates, inserts, or deletions of data accessible in Core RDBMS. Additionally, it poses a risk of causing a partial denial of service, impacting data availability. Organizations using affected versions of Oracle Database Server should take immediate action to secure their systems.",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,,false,false,false,,,false,false,,2019-10-16T17:40:56.000Z,0
CVE-2019-2954,https://securityvulnerability.io/vulnerability/CVE-2019-2954,Core RDBMS Vulnerability in Oracle Database Server,"A vulnerability exists in the Core RDBMS component of Oracle Database Server, allowing low privileged attackers to exploit the system with Create Session and Create Procedure privileges. This exploit requires the attacker to have logon access to the infrastructure. If successfully executed, the vulnerability could lead to unauthorized modifications to data, including updates and deletions, as well as potential partial denial of service scenarios. Human interaction from an individual other than the attacker is necessary for the exploit to succeed, emphasizing the importance of user awareness in mitigating the risk.",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,,false,false,false,,,false,false,,2019-10-16T17:40:56.000Z,0
CVE-2019-2940,https://securityvulnerability.io/vulnerability/CVE-2019-2940,Unauthorized Data Access Vulnerability in Oracle Database Server,"An easily exploitable vulnerability exists in the Core RDBMS component of Oracle Database Server that could allow a highly privileged attacker, possessing Create Session privileges, to compromise the Core RDBMS. This vulnerability affects certain supported versions, allowing unauthorized update, insert, or delete access to some Core RDBMS accessible data, potentially leading to significant integrity impacts on the database.",Oracle,Oracle Database,2.3,LOW,0.0004900000058114529,false,,false,false,false,,,false,false,,2019-10-16T17:40:55.000Z,0