CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20924
https://notcve.org/view.php?id=CVE-2024-20924
16 Jan 2024 — Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope ch... • https://www.oracle.com/security-alerts/cpujan2024.html •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20912
https://notcve.org/view.php?id=CVE-2024-20912
16 Jan 2024 — Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-284: Improper Access Control •
CVSS: 3.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20910
https://notcve.org/view.php?id=CVE-2024-20910
16 Jan 2024 — Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access ... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22096
https://notcve.org/view.php?id=CVE-2023-22096
17 Oct 2023 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22077
https://notcve.org/view.php?id=CVE-2023-22077
17 Oct 2023 — Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. C... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22075
https://notcve.org/view.php?id=CVE-2023-22075
17 Oct 2023 — Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ab... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 3CVE-2023-22074 – Oracle 19c / 21c Sharding Component Password Hash Exposure
https://notcve.org/view.php?id=CVE-2023-22074
17 Oct 2023 — Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cau... • https://packetstorm.news/files/id/175352 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22073
https://notcve.org/view.php?id=CVE-2023-22073
17 Oct 2023 — Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessibl... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22071
https://notcve.org/view.php?id=CVE-2023-22071
17 Oct 2023 — Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Succes... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22052
https://notcve.org/view.php?id=CVE-2023-22052
18 Jul 2023 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). • https://www.oracle.com/security-alerts/cpujul2023.html •