cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-21553,https://securityvulnerability.io/vulnerability/CVE-2025-21553,Vulnerability in Java VM of Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server allowing a low-privileged attacker with specific privileges to exploit it. This vulnerability can enable unauthorized updates, insertions, or deletions of Java VM accessible data, as well as unauthorized reading of certain data. Affected versions include Oracle Database Server 19.3 to 19.25, 21.3 to 21.16, and 23.4 to 23.6. The vulnerability can be exploited over the network via Oracle Net, highlighting the need for immediate attention from users of affected versions to safeguard their data.",Oracle,Oracle Database Server,4.2,MEDIUM,0.01,false,false,false,false,false,false,false,2025-01-21T20:53:17.298Z,0
CVE-2024-21251,https://securityvulnerability.io/vulnerability/CVE-2024-21251,Vulnerability in Java VM Component Could Allow Privilege Escalation,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",Oracle,Oracle Database Server,3.1,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:51.702Z,0
CVE-2024-21242,https://securityvulnerability.io/vulnerability/CVE-2024-21242,xml database vulnerability,"Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).",Oracle,Oracle Database Server,3.5,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-10-15T19:52:48.993Z,0
CVE-2024-21233,https://securityvulnerability.io/vulnerability/CVE-2024-21233,Vulnerability in Oracle Database Server Core Component,"A vulnerability in the Oracle Database Server's core component allows an attacker with low privileges and network access to exploit the system. The flaw enables unauthorized updates, inserts, or deletions of accessible data, thereby compromising data integrity. Supported versions affected include 19.3 to 19.24, 21.3 to 21.15, and 23.4 to 23.5. Users are advised to apply necessary security patches to mitigate the risk.",Oracle,Oracle Database Server,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-15T19:52:46.224Z,0
CVE-2020-2968,https://securityvulnerability.io/vulnerability/CVE-2020-2968,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",Oracle,Oracle Database,8,HIGH,0.0013800000306218863,false,false,false,false,,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2969,https://securityvulnerability.io/vulnerability/CVE-2020-2969,,"Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",Oracle,Oracle Database,6.6,MEDIUM,0.0009699999936856329,false,false,false,true,true,false,false,2020-07-15T17:34:36.000Z,0
CVE-2020-2978,https://securityvulnerability.io/vulnerability/CVE-2020-2978,,"Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).",Oracle,Oracle Database,4.1,MEDIUM,0.0006000000284984708,false,false,false,true,true,false,false,2020-07-15T00:00:00.000Z,0
CVE-2020-2735,https://securityvulnerability.io/vulnerability/CVE-2020-2735,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",Oracle,Oracle Database,8,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2020-04-15T13:29:43.000Z,0
CVE-2020-2734,https://securityvulnerability.io/vulnerability/CVE-2020-2734,,"Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS/Optimizer accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).",Oracle,Oracle Database,2.4,LOW,0.000539999979082495,false,false,false,false,,false,false,2020-04-15T13:29:43.000Z,0
CVE-2020-2737,https://securityvulnerability.io/vulnerability/CVE-2020-2737,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).",Oracle,Oracle Database,6.4,MEDIUM,0.0009699999936856329,false,false,false,false,,false,false,2020-04-15T13:29:43.000Z,0
CVE-2020-2731,https://securityvulnerability.io/vulnerability/CVE-2020-2731,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,false,false,false,,false,false,2020-01-15T16:34:09.000Z,0
CVE-2020-2637,https://securityvulnerability.io/vulnerability/CVE-2020-2637,,"Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).",Oracle,Enterprise Manager For Oracle Database,6,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2020-01-15T16:34:04.000Z,0
CVE-2020-2568,https://securityvulnerability.io/vulnerability/CVE-2020-2568,,"Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,false,false,false,,false,false,2020-01-15T16:34:01.000Z,0
CVE-2020-2517,https://securityvulnerability.io/vulnerability/CVE-2020-2517,,"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L).",Oracle,Oracle Database,3.3,LOW,0.0005799999926239252,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2527,https://securityvulnerability.io/vulnerability/CVE-2020-2527,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",Oracle,Oracle Database,4.1,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2516,https://securityvulnerability.io/vulnerability/CVE-2020-2516,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).",Oracle,Oracle Database,2.4,LOW,0.000539999979082495,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2510,https://securityvulnerability.io/vulnerability/CVE-2020-2510,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",Oracle,Oracle Database,7.5,HIGH,0.001930000027641654,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2511,https://securityvulnerability.io/vulnerability/CVE-2020-2511,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).",Oracle,Oracle Database,7.7,HIGH,0.000590000010561198,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2512,https://securityvulnerability.io/vulnerability/CVE-2020-2512,,"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",Oracle,Oracle Database,5.9,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2518,https://securityvulnerability.io/vulnerability/CVE-2020-2518,,"Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Oracle Database,7.5,HIGH,0.0013800000306218863,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2020-2515,https://securityvulnerability.io/vulnerability/CVE-2020-2515,,"Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).",Oracle,Oracle Database,5,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2019-2955,https://securityvulnerability.io/vulnerability/CVE-2019-2955,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,false,false,false,,false,false,2019-10-16T17:40:56.000Z,0
CVE-2019-2954,https://securityvulnerability.io/vulnerability/CVE-2019-2954,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).",Oracle,Oracle Database,3.9,LOW,0.000910000002477318,false,false,false,false,,false,false,2019-10-16T17:40:56.000Z,0
CVE-2019-2956,https://securityvulnerability.io/vulnerability/CVE-2019-2956,,"Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Core RDBMS (jackson-databind). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS (jackson-databind). CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).",Oracle,Oracle Database,5.7,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2019-10-16T17:40:56.000Z,0
CVE-2019-2939,https://securityvulnerability.io/vulnerability/CVE-2019-2939,,"Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).",Oracle,Oracle Database,5,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-10-16T17:40:55.000Z,0