Design/Logic Flaw

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVE-2023-22034

The CVE-2023-22034 issue affects Oracle Database Server Unified Audit component. Affected versions are 19.3–19.19 and 21.3–21.10. The root cause is described as insufficient input validation, enabling a high-privileged SYSDBA attacker with network access via Oracle Net to compromise Unified Audit...

PT-2023-3643 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 Description: The issue is related to insufficient input validation in the Unified Audit component of Oracle Database Server. It allows a...

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Advanced Networking Option component of Oracle...

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Unified Audit component of Oracle Database Serve...

Security Bulletin: A vulnerability in the Oracle Data Provider may affect IBM Robotic Process Automation and result in an attacker gaining elevated privileges (CVE-2023-21893).

Summary Oracle Data Provider is used by IBM Robotic Process Automation as part of SQL Server database connectivity. CVE-2023-21893. Vulnerability Details CVEID:CVE-2023-21893 DESCRIPTION: Oracle Database Server could allow a remote attacker to gain elevated privileges on the system, caused by an...

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.

Vulnerability of the Server component: The DDL system for managing databases in Oracle MySQL Server has vulnerabilities related to access control. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...

The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL protocol...

The vulnerability of the Oracle Database Recovery Manager component of the Oracle Database Server database management system allows a perpetrator to trigger a service failure.

The vulnerability of the Oracle Database Recovery Manager component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions...

Oracle RMAN Missing Auditing

Title: CVE-2020-2978 - Oracle RMAN Audit table point in time recovery not recorded Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: Medium Score: 4.1 Solution Status: Fixed CVE Reference: CVE-2020-2978 Author of Advisory: Emad...

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...

Vulnerabilities fixed in Oracle Database Server

Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to a denial-of-service DoS or manipulation of data. Oracle has fixed vulnerabilities in the following products: - Oracle Database Server - Oracle...

Oracle Database Server (Apr 2023 CPU)

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficul...

CVE-2023-21934

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...

CVE-2023-21934

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...

CVE-2023-21918

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...

CVE-2023-21918

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...