CVE-2020-14899

CVE-2020-14899 affects the Oracle Application Express Data Reporter component of Oracle Database Server (pre-20.2). The issue is exploitable by a low-privilege user with a valid account, via HTTP, and requires user interaction. An attacker can modify and delete data and also obtain unauthorized r...

CVE-2020-14898

CVE-2020-14898 affects Oracle Database Server’s Oracle Application Express Packaged Apps (APEX) prior to version 20.2. The issue allows a low-privilege user with a valid account and network access via HTTP to interact with a vulnerable APEX Packaged Apps component, potentially resulting in unauth...

CVE-2020-14901

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks...

CVE-2020-14900

Oracle CVE-2020-14900 affects the Oracle Application Express Group Calendar component in Oracle Database Server (older than 20.2). The vulnerability allows a low-privileged user with a valid account, over HTTP, to perform unauthorized updates, inserts, or deletes and read access to certain data, ...

CVE-2020-14763

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise...

CVE-2020-14763

CVE-2020-14763 affects Oracle Database Server’s Application Express Quick Poll component, with the affected version being prior to 20.2. A low-privileged attacker with a valid user account and network access via HTTP can compromise Quick Poll, with successful attacks potentially leading to unauth...

CVE-2020-14763

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise...

CVE-2020-14742

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account privilege with network access via Oracle Net to...

CVE-2020-14740

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the...

CVE-2020-14743

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to...

CVE-2020-14741

Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfsrole privilege...

CVE-2020-14736

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromi...

CVE-2020-14740

Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the...

CVE-2020-14734

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful...

CVE-2020-14735

Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler...

CVE-2020-14743

CVE-2020-14743 is a vulnerability in the Oracle Database Server Java VM component affecting 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The issue allows a low-privileged attacker with Create Procedure privilege and network access via multiple protocols to compromise the Java VM, potentially leadi...

CVE-2020-14741

CVE-2020-14741 is a vulnerability in the Oracle Database Server’s Database Filesystem component affecting Oracle versions 11.2.0.4, 12.1.0.2, and 12.2.0.1. An attacker with high privileges (Resource, Create Table, Create View, Create Procedure, Dbfs_role) and network access via Oracle Net can cau...

CVE-2020-14741

Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfsrole privilege...

CVE-2020-14734

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful...

CVE-2020-14740

CVE-2020-14740 affects Oracle Database Server’s SQL Developer Install component in versions 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. A low-privilege user with Client Computer User Account privileges and logon to the environment can trigger a vulnerability that requires user interaction and can lead ...