CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14736
https://notcve.org/view.php?id=CVE-2020-14736
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-2968
https://notcve.org/view.php?id=CVE-2020-2968
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 1CVE-2020-2969 – Oracle Database Password Hash Unauthorized Access
https://notcve.org/view.php?id=CVE-2020-2969
Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Data Pump. Successful attacks of this vulnerability can result in takeover of Data Pump. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). • https://github.com/emad-almousa/CVE-2020-2969 https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 2CVE-2020-2978 – Oracle RMAN Missing Auditing
https://notcve.org/view.php?id=CVE-2020-2978
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. • https://github.com/emad-almousa/CVE-2020-2978 http://packetstormsecurity.com/files/172183/Oracle-RMAN-Missing-Auditing.html https://databasesecurityninja.wordpress.com/2020/12/01/cve-2020-2978-rman-audit-table-point-in-time-recovery-not-logged https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2734
https://notcve.org/view.php?id=CVE-2020-2734
Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege with network access via Oracle Net to compromise RDBMS/Optimizer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS/Optimizer accessible data. • https://www.oracle.com/security-alerts/cpuapr2020.html •