CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21546 – mysql: Privilege Misuse in MySQL Server Security Component
https://notcve.org/view.php?id=CVE-2025-21546
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21545
https://notcve.org/view.php?id=CVE-2025-21545
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Ava... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21544
https://notcve.org/view.php?id=CVE-2025-21544
21 Jan 2025 — Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order an... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-281: Improper Preservation of Permissions •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21543 – mysql: Packaging unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21543
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabili... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21542
https://notcve.org/view.php?id=CVE-2025-21542
21 Jan 2025 — Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Serv... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-346: Origin Validation Error •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21541
https://notcve.org/view.php?id=CVE-2025-21541
21 Jan 2025 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessi... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21540 – mysql: Privileges unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21540
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21539
https://notcve.org/view.php?id=CVE-2025-21539
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN eSettlements. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN eSettlements accessible data as well as unauthorized read access ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21538
https://notcve.org/view.php?id=CVE-2025-21538
21 Jan 2025 — Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21537
https://notcve.org/view.php?id=CVE-2025-21537
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •