EUVD-2025-35283

Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index...

PT-2023-3643 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 Description: The issue is related to insufficient input validation in the Unified Audit component of Oracle Database Server. It allows a...

CVE-2021-38459

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...

CVE-2021-38475

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...

Damon Database Vulnerability for Overstepping Authority and Tampering with Data

DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. DM7 database has the vulnerability of...