CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-50069
https://notcve.org/view.php?id=CVE-2025-50069
15 Jul 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or com... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-50066
https://notcve.org/view.php?id=CVE-2025-50066
15 Jul 2025 — Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_REDEFINITION privilege with network access via Oracle Net to compromise Oracle Database Materialized View. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Materialized View a... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30751
https://notcve.org/view.php?id=CVE-2025-30751
15 Jul 2025 — Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30750
https://notcve.org/view.php?id=CVE-2025-30750
15 Jul 2025 — Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified ... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-863: Incorrect Authorization •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30736
https://notcve.org/view.php?id=CVE-2025-30736
15 Apr 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Ja... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30733
https://notcve.org/view.php?id=CVE-2025-30733
15 Apr 2025 — Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible da... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30701
https://notcve.org/view.php?id=CVE-2025-30701
15 Apr 2025 — Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via Oracle Net to compromise RAS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30694
https://notcve.org/view.php?id=CVE-2025-30694
15 Apr 2025 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful ... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-284: Improper Access Control •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21553
https://notcve.org/view.php?id=CVE-2025-21553
21 Jan 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21251
https://notcve.org/view.php?id=CVE-2024-21251
15 Oct 2024 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-203: Observable Discrepancy •