
42 matches found

CNVD
added 2023/04/21 12:0 a.m. · 20 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2023-71322)

Oracle Database Server is a relational database management system from the US company Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in Oracle Database Server versions 19c and 21c. An...

CVSS 6.8 · AI score 6.5 · EPSS 0.00401
Exploits 0 · References 1
Qualys Blog
added 2023/04/19 11:47 a.m. · 387 views

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...

CVSS 7.5 · AI score 9.5 · EPSS 0.94428
Exploits 124
Prion
added 2023/04/18 8:15 p.m. · 9 views

Design/Logic Flaw

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...

CVSS 3.3 · AI score 5.9 · EPSS 0.00401
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/04/18 8:15 p.m. · 12 views

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...

CVSS 3.6 · AI score 6.2 · EPSS 0.00862
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/04/18 7:54 p.m. · 111 views

CVE-2023-21934

The CVE-2023-21934 issue affects Oracle Database Server (Java VM component) in 19c and 21c. The root cause is described in connected sources as insufficient input validation in the Java VM, enabling a low-privileged user with network access via TLS to compromise the Java VM and potentially read, ...

CVSS 6.8 · AI score 6.3 · EPSS 0.00862
Exploits 0 · References 1 · Affected Software 1
GitHub Security Blog
added 2023/01/18 12:30 a.m. · 47 views

Component takeover in Oracle Data Provider for .NET

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

CVSS 7.5 · AI score 7.1 · EPSS 0.01134
Exploits 0 · References 5 · Affected Software 2
OSV
added 2023/01/18 12:30 a.m. · 40 views

GHSA-5PM2-9MR2-3FRQ Component takeover in Oracle Data Provider for .NET

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

CVSS 7.5 · AI score 7.5 · EPSS 0.01134
Exploits 0 · References 4
NVD
added 2023/01/18 12:15 a.m. · 28 views

CVE-2022-39429

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...

CVSS 4.3 · AI score 3.7 · EPSS 0.00459
Exploits 0 · References 1
Prion
added 2023/01/18 12:15 a.m. · 19 views

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...

CVSS 4 · AI score 4 · EPSS 0.00459
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/01/17 11:35 p.m. · 106 views

CVE-2023-21829

CVE-2023-21829 affects Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected versions are 19c and 21c. A low-privileged attacker with Create Session privilege and network access via Oracle Net can compromise RDBMS Security, with human interaction re...

CVSS 6.3 · AI score 5.6 · EPSS 0.0044
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/01/17 11:35 p.m. · 52 views

CVE-2023-21827

The CVE-2023-21827 entry describes a vulnerability in the Oracle Database Data Redaction component affecting Oracle Database Server 19c and 21c. The flaw allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to read a subset of Data Redaction data. The a...

CVSS 4.3 · AI score 3.1 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/01/17 11:31 p.m. · 76 views

CVE-2022-39429

The CVE-2022-39429 entry affects Oracle Database Server’s Java VM component on 19c and 21c. The vulnerability is exploitable by a low-privilege attacker with Create Procedure privilege and network access via Oracle Net, enabling partial denial of service of the Java VM. This conclusion is support...

CVSS 4.3 · AI score 3.6 · EPSS 0.00459
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-1244 · Oracle · Oracle Data Provider For .Net +1

Name of the Vulnerable Software and Affected Versions: Oracle Data Provider for .NET versions 19c through 21c Description: The issue is related to insufficient input validation in the Oracle Data Provider for .NET component of Oracle Database Server, allowing an unauthenticated attacker with...

CVSS 7.6 · AI score 8.7 · EPSS 0.01134
Exploits 0 · References 11
Tenable Nessus
added 2022/10/21 12:0 a.m. · 63 views

Oracle Database Server (Oct 2022 CPU)

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle Database - Machine Learning Numpy component of Oracle Database Server. The supported version that ...

CVSS 9.8 · AI score 7 · EPSS 0.17371
Exploits 22 · References 25
Prion
added 2022/10/18 9:15 p.m. · 11 views

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...

CVSS 4 · AI score 3.5 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/10/18 12:0 a.m. · 15 views

CVE-2022-21603

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Databas...

CVSS 7.2 · AI score 6.5 · EPSS 0.01133
Exploits 0 · References 1
CVE
added 2022/10/18 12:0 a.m. · 64 views

CVE-2022-39419

Oracle Database Server’s Java VM component (19c and 21c) is affected by CVE-2022-39419. A low-privilege attacker with Create Procedure privilege and network access via Oracle Net can read a subset of Java VM data due to a vulnerability in the Java VM component. The issue is documented across mult...

CVSS 4.3 · AI score 3.2 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/10/18 12:0 a.m. · 66 views

CVE-2022-21603

CVE-2022-21603 affects Oracle Database Server, specifically the Sharding component, with 19c and 21c as affected versions. The root cause is a vulnerability in Sharding that enables a high-privilege attacker with Local Logon privilege and network access via Local Logon to compromise the Sharding ...

CVSS 7.2 · AI score 7.1 · EPSS 0.01133
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/10/18 12:0 a.m. · 11 views

CVE-2022-21603

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Databas...

CVSS 7.2 · AI score 7.2 · EPSS 0.01133
Exploits 0 · References 1
Cvelist
added 2022/10/18 12:0 a.m. · 13 views

CVE-2022-39419

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...

CVSS 4.3 · AI score 3.9 · EPSS 0.00209
Exploits 0 · References 1