24 matches found
CVE-2024-20903
CVE-2024-20903 affects Oracle Database Server Java VM component. Affected versions are 19.3–19.21 and 21.3–21.12. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM, potentially leading...
CVE-2023-22074
CVE-2023-22074 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The root issue allows a highly privileged attacker (needs Create Session and Select Any Dictionary) with network access via Oracle Net, plus user interacti...
CVE-2023-22075
CVE-2023-22075 affects Oracle Database Server, specifically the Database Sharding component. Affected versions are 19.3–19.20 and 21.3–21.11. The issue arises from insufficient input validation in Oracle Database Sharding, enabling a high-privilege user with network access via Oracle Net to cause...
CVE-2023-22071
CVE-2023-22071 affects Oracle Database Server, specifically the PL/SQL component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows a high-privileged attacker with Create Session and Execute on sys.utl_http and network access via Oracle Net to compromise PL/SQL. Exploitati...
CVE-2023-22077
CVE-2023-22077 affects Oracle Database Server’s Recovery Manager. Affected: Oracle Database versions 19.3–19.20 and 21.3–21.11. The flaw allows a high-privilege attacker with a DBA role and network access via Oracle Net to cause a hang or frequent crash of Recovery Manager (denial of service). CV...
CVE-2023-22096
CVE-2023-22096 affects Oracle Database Server, Java VM component. Affected: Oracle Database Server versions 19.3–19.20 and 21.3–21.11. Description states that a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net can compromise the Java VM...
CVE-2023-22073
CVE-2023-22073 affects Oracle Database Server’s Oracle Notification Server component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows an unauthenticated attacker with access to the physical network segment to compromise Oracle Notification Server and read a subset of dat...
CVE-2024-21184
CVE-2024-21184 relates to the Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected software: Oracle Database Server versions 19.3–19.23 with a privilege-management flaw that can be exploited by a high-privilege attacker who has Execute on SYS.XS_DI...
CVE-2024-21126
CVE-2024-21126 affects Oracle Database Server’s portable clusterware component. The issue stems from insufficient input validation in Oracle Database Portable Clusterware, allowing an unauthenticated attacker with network access via DNS to compromise the component and potentially cause a partial ...
CVE-2023-21949
CVE-2023-21949 affects Oracle Database Server, specifically the Advanced Networking Option . Affects versions 19.3–19.19 and 21.3–21.10. The vulnerability is exploitable by an unauthenticated attacker with network access via Oracle Net to compromise the Advanced Networking Option, potentially res...
CVE-2024-21058
CVE-2024-21058 affects Oracle Database Server’s Unified Audit component. Affected: Oracle Database Server versions 19.3–19.22 and 21.3–21.13 . Root cause described as insufficient input validation in the Unified Audit path (per connected PT Security entry). A highly privileged attacker with SYSDB...
CVE-2024-21066
CVE-2024-21066 affects Oracle Database Server RDBMS component. Affected versions are 19.3–19.22 and 21.3–21.13. The issue allows a high-privileged, authenticated user with logon access to compromise the RDBMS, with human interaction required. Exploitation is described as feasible by an authentica...
CVE-2024-21174
CVE-2024-21174 affects Oracle Database Server's Java VM component across 19.3–19.23, 21.3–21.14, and 23.4. The root cause is improper resource clearance/release in the Java VM, allowing a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net...
CVE-2023-22052
CVE-2023-22052 affects Oracle Database Server under the Java VM component. Affected versions are 19.3–19.19 and 21.3–21.10. The issue arises from insufficient input validation in the Java VM, enabling a low-privileged attacker with Create Session and Create Procedure privileges (and network acces...
CVE-2024-20995
The CVE refers to Oracle Database Sharding in Oracle Database Server. Affected: Oracle Database Server 19.3–19.22 and 21.3–21.13. Root cause: insufficient input validation in the Oracle Database Sharding component. Impact: high-privileged DBA with network access via Oracle Net can cause partial d...
CVE-2023-22034
The CVE-2023-22034 issue affects Oracle Database Server Unified Audit component. Affected versions are 19.3–19.19 and 21.3–21.10. The root cause is described as insufficient input validation, enabling a high-privileged SYSDBA attacker with network access via Oracle Net to compromise Unified Audit...
CVE-2024-21233
Oracle Database Server Core vulnerability CVE-2024-21233 affects Core in Oracle Database Server versions 19.3–19.24, 21.3–21.15, and 23.4–23.5. The flaw stems from improper authorization in the Database Core Component, enabling a low-privileged attacker with Create Session privilege and network a...
CVE-2024-21123
The CVE-2024-21123 issue affects Oracle Database Server (Oracle Database Core). Affected versions are 19.3 through 19.23. The root cause is insufficient input validation in the Oracle Database Core component, enabling a high-privileged attacker with SYSDBA privileges to compromise the Core when l...
CVE-2024-21251
CVE-2024-21251 — Oracle Database Server Java VM component affected versions: 19.3–19.24, 21.3–21.15, 23.4–23.5. Cause: insufficient input validation in the Java VM component. Impact: a low-privileged attacker with Create Session and Create Procedure privileges and network access via Oracle Net ca...
CVE-2025-30751
CVE-2025-30751 affects Oracle Database Server (Oracle Database component). Affected supported versions are 19.27 and 23.4–23.8. The flaw enables a low-privileged attacker who has Create Session and Create Procedure privileges with network access via Oracle Net to compromise the database, potentia...
CVE-2026-34312
The CVE-2026-34312 entry concerns Oracle Database Server's RDBMS component with affected versions 19.3–19.30. It describes a vulnerability that an attacker with Row Access Method privilege and network access via multiple protocols can exploit to achieve unauthorized read access to a subset of RDB...
CVE-2025-30750
CVE-2025-30750 affects Oracle Database Server Unified Audit. Affected versions: 19.3–19.27, 21.3–21.18, 23.4–23.8. High-privileged attacker with Create User privilege and network access via Oracle Net can compromise Unified Audit; exploitation requires user interaction and may allow unauthorized ...
CVE-2025-50066
CVE-2025-50066 affects the Oracle Database Server’s Materialized View component. Affected versions are 19.3–19.27, 21.3–21.18, and 23.4–23.8. An attacker with Execute on DBMS_REDEFINITION and network access via Oracle Net can exploit this to gain unauthorized update/insert/delete access to data i...
CVE-2025-53047
CVE-2025-53047 affects Oracle Database Server’s Portable Clusterware. Affected versions are 19.3–19.28, 21.3–21.19, and 23.4–23.9. The issue allows an unauthenticated attacker with network access via Bonjour to read data from Portable Clusterware. The vulnerability is specifically tied to Portabl...