Design/Logic Flaw
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
Buffer overflow
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
Buffer overflow
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
CVE-2022-21403
Summary of CVE-2022-21403: A vulnerability in the Oracle Communications Operations Monitor product (component: Mediation Engine) affects versions 3.4, 4.2, 4.3, 4.4 and 5.0. An attacker with high privileges and network access via HTTP can compromise the monitor, potentially allowing unauthorized...
CVE-2022-21402
Oracle Communications Operations Monitor (Mediation Engine) is affected in CVE-2022-21402 for versions 3.4, 4.2, 4.3, 4.4 and 5.0. The vulnerability enables a high-privilege attacker with network access via HTTP to compromise data confidentiality and integrity, with unauthorized read/update/delet...
CVE-2022-21391
CVE-2022-21391 affects Oracle Communications Billing and Revenue Management (BRM), specifically the Connection Manager component. Affected versions are 12.0.0.3 and 12.0.0.4. The issue is described as easily exploitable: a low-privilege attacker with network access via HTTP can compromise BRM, wi...
CVE-2022-21390
CVE-2022-21390 affects Oracle Communications Billing and Revenue Management (BRM), Webservices Manager component. Affected versions: 12.0.0.3 and 12.0.0.4. The issue allows an unauthenticated attacker with network access over HTTP to compromise BRM, potentially taking over the system. CVSS 3.1 ba...
CVE-2022-21386
CVE-2022-21386 affects Oracle WebLogic Server (Web Container) on 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise WebLogic Server, with potential unauthorized update/insert/delete and read access to ...
CVE-2022-21382
CVE-2022-21382 affects Oracle Communications’ Oracle Enterprise Session Border Controller (WebUI) for the 8.4 and 9.0 ranges. A low-privilege, network-accessible attacker (via HTTP) can compromise the device, potentially enabling unauthorized creation, deletion or modification of data on the ECSB...
CVE-2022-21379
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21378
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-21374
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21373
CVE-2022-21373 affects Oracle E-Business Suite Partner Management (Reseller Locator). Affected versions are 12.2.3–12.2.11. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Partner Management, with human interaction required. Impacts include unauthor...
CVE-2022-21369
Affected product: Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor (component). Vulnerable versions: 8.57, 8.58, 8.59. Root cause: vulnerability in Rich Text Editor allowing network-access exploitation via HTTP; attacker requires user interaction. Impact: unauthorized update/insert/delet...
CVE-2022-21368
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21359
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Optimization Framework. Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...
CVE-2022-21358
CVE-2022-21358 affects Oracle/MySQL Server (component: Server: Security: Encryption). Affected versions are 8.0.27 and earlier. The vulnerability can be exploited by a low-privilege attacker with network access via multiple protocols, potentially causing the MySQL Server to hang or crash (complet...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
CVE-2022-21351
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...