209 matches found
CVE-2024-21174
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to...
Oracle Database Password Hash Unauthorized Access
Title: CVE-2020-2969 – Unauthorized Access to Password Hashes by Account with DBA role; Product: Database; Manufacturer: Oracle; Affected Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c; Tested Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c; Risk Level: Medium; Solution Status: Fixed; CVE Reference:...
Oracle Database Server (Apr 2024 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the RDBMS Python component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitab...
CVE-2024-20995
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle...
CVE-2024-20903
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...
CVE-2024-20911
CVE-2024-20911 affects Oracle Audit Vault and Database Firewall (Firewall component) with affected versions 20.1–20.9. The vulnerability allows an attacker with network access via Oracle Net and high privileges to read a subset of data, requiring user interaction and potentially impacting additio...
CVE-2024-20909
CVE-2024-20909 affects Oracle Audit Vault and Database Firewall (Firewall component) for versions 20.1–20.9. The issue allows an unauthenticated attacker with network access via Oracle Net to compromise data, enabling unauthorized creation, deletion or modification of critical data. The base scor...
CVE-2024-20912
Oracle Audit Vault and Database Firewall (Firewall component) versions 20.1–20.9 are affected. Root cause: insufficient input validation in the Firewall, enabling a high-privilege attacker with network access via Oracle Net to read/modify/delete data. Impact matches unauthorized updates/inserts/d...
CVE-2024-20910
CVE-2024-20910 affects Oracle Audit Vault and Database Firewall (Firewall component). Versions 20.1–20.9 are affected. The issue allows a high-privilege attacker with network access via Oracle Net to read data from the vault/firewall, with the attack surface potentially impacting related Oracle p...
PT-2024-1155 · Oracle · Oracle Audit Vault/Database Firewall
Name of the Vulnerable Software and Affected Versions: Oracle Audit Vault and Database Firewall versions 20.1 through 20.9. Description: The issue is related to insufficient input validation in the Firewall component of Oracle Audit Vault and Database Firewall, allowing a remote attacker to gain...
Oracle TimesTen < 11.2.2.8.65 Buffer Overflow (January 2023 CPU)
The version of Oracle TimesTen installed on the remote host is prior to 11.2.2.8.65. It is, therefore, affected by a buffer overflow vulnerability as referenced in the January 2023 CPU advisory. - Vulnerability in Oracle TimesTen In-Memory Database component: In-Memory Database zlib. Supported...
PT-2023-9588 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.24; Oracle Database Server versions 21.3 through 21.15; Oracle Database Server versions 23.4 through 23.5. Description: The issue is related to insufficient protection of internal data due to...
PT-2023-9647 · Oracle · Oracle Database
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 19.3 through 19.23. Description: The issue is related to errors in privilege management within the Oracle Database RDBMS Security component of Oracle Database Server. It allows a highly privileged attacker with Execute...
Buffer overflow
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle, a US company. The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Recovery Manager component of Oracle...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle, a US company. The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle, a US company. The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...
CVE-2023-22034
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit...
CVE-2023-21918
Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...
Oracle Enterprise Manager Ops Center UI and Other Patches (January 2022 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking JDBC. The...