CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21251
https://notcve.org/view.php?id=CVE-2024-21251
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-203: Observable Discrepancy •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21242
https://notcve.org/view.php?id=CVE-2024-21242
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21233
https://notcve.org/view.php?id=CVE-2024-21233
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-20227
https://notcve.org/view.php?id=CVE-2021-20227
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. Se encontró un fallo en la funcionalidad de consulta SELECT de SQLite (src/select.c). Este fallo permite a un atacante que es capaz de ejecutar consultas SQL localmente en la base de datos SQLite causar una denegación de servicio o una posible ejecución de código desencadenando un uso de la memoria previamente liberada. • https://bugzilla.redhat.com/show_bug.cgi?id=1924886 https://security.gentoo.org/glsa/202103-04 https://security.gentoo.org/glsa/202210-40 https://security.netapp.com/advisory/ntap-20210423-0010 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.sqlite.org/releaselog/3_34_1.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •