Oracle Database Server Oracle Database Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Oracle Database Server.

By the Year

In 2026 there have been 0 vulnerabilities in Oracle Database Server. Last year, in 2025 Database Server had 15 security vulnerabilities published. Right now, Database Server is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	15	5.34
2024	11	4.30
2023	13	4.68
2022	21	7.55
2021	18	4.44
2020	20	5.84
2019	31	5.61
2018	11	7.39

It may take a day or so for new Database Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Database Server Security Vulnerabilities

Unauth Java VM Exploit in Oracle DB Server 19c-23c
CVE-2025-61881 5.9 - Medium - October 21, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Authorization

Oracle Database Server 23.x: Unified Audit Priv Escal via Oracle Net
CVE-2025-61749 2.7 - Low - October 21, 2025

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Authorization

Oracle DB 23.4-23.9: RDBMS Functional Index Privilege Data Leak
CVE-2025-53051 2.7 - Low - October 21, 2025

Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Functional Index accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Out-of-bounds Read

Oracle DB Server - Portable Clusterware Unauth Read via Bonjour (19.3-23.9)
CVE-2025-53047 5.8 - Medium - October 21, 2025

Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Portable Clusterware accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Information Disclosure

Oracle DB Server Unified Audit INT Impact CVE-2025-30750 (19.3-23.8)
CVE-2025-30750 2.4 - Low - July 15, 2025

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N).

Oracle Database 19.27/23.4-23.8: Low-Privileged Session Hijack via Oracle Net
CVE-2025-30751 8.8 - High - July 15, 2025

Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Oracle DB MV CVE-2025-50066: Unauth Mod 19.3-23.8
CVE-2025-50066 2.7 - Low - July 15, 2025

Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_REDEFINITION privilege with network access via Oracle Net to compromise Oracle Database Materialized View. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Materialized View accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Oracle DB Java VM RCE in 19.3-19.27, 21.3-21.18
CVE-2025-50069 7.7 - High - July 15, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Oracle JDBC vulnerability 23.4-23.8: Auth OS user can access data
CVE-2025-50070 5.3 - Medium - July 15, 2025

Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authenticated OS User privilege with logon to the infrastructure where JDBC executes to compromise JDBC. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JDBC, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JDBC accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N).

Oracle DB RDBMS Listener CVE-2025-30733 (19.3-23.7) Unauth Exp
CVE-2025-30733 6.5 - Medium - April 15, 2025

Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

Oracle DB 19/21/23 Java VM unauth RCE - CVE-2025-30736
CVE-2025-30736 7.4 - High - April 15, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Oracle DB XML DB CVE-2025-30694: v19.3-23.7 low-priv User Access
CVE-2025-30694 5.4 - Medium - April 15, 2025

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of XML Database accessible data as well as unauthorized read access to a subset of XML Database accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

Oracle Database RAS Security Escalation Vulnerability (19.3-23.7)
CVE-2025-30701 7.3 - High - April 15, 2025

Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via Oracle Net to compromise RAS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all RAS Security accessible data as well as unauthorized access to critical data or complete access to all RAS Security accessible data. CVSS 3.1 Base Score 7.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).

Oracle DB 19.3-19.26: Fleet Patching & Prov Unauth Read CVE-2025-30702
CVE-2025-30702 5.3 - Medium - April 15, 2025

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Oracle Database Server Java VM PrivEsc via Create Session/Procedure
CVE-2025-21553 4.2 - Medium - January 21, 2025

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

Oracle DB Core CVE-2024-21233 - Oracle Net RCE, 19.3-23.5
CVE-2024-21233 4.3 - Medium - October 15, 2024

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

XML Database Component in Oracle DB 19.3-23.5 Vulnerable to Remote DoS
CVE-2024-21242 3.5 - Low - October 15, 2024

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of XML Database. CVSS 3.1 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

Oracle DB Server Java VM CVE-2024-21251 19.323.5
CVE-2024-21251 3.1 - Low - October 15, 2024

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Oracle Database 19.3-23.4 Java VM Partial DOS Vulnerability
CVE-2024-21174 3.1 - Low - July 16, 2024

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

Oracle Database Core 19.3-19.23 SYSDBA Logon Escalation
CVE-2024-21123 2.3 - Low - July 16, 2024

Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with logon to the infrastructure where Oracle Database Core executes to compromise Oracle Database Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Oracle DB Portable Clusterware: CVE-2024-21126 19.3-21.14 Vulnerability
CVE-2024-21126 5.8 - Medium - July 16, 2024

Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

Oracle Database 19.3-19.23 RDBMS Security exec privilege escalation
CVE-2024-21184 7.2 - High - July 16, 2024

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks of this vulnerability can result in takeover of Oracle Database RDBMS Security. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Oracle DB Sharding Partial DOS Vulnerability 19.3-22,21.3-13
CVE-2024-20995 2.4 - Low - April 16, 2024

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).

Oracle DB Unified Audit Vulnerability (19.3-21.13) Privilege Escalation
CVE-2024-21058 4.9 - Medium - April 16, 2024

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

Oracle DB RDBMS 19.3-19.22/21.3-21.13 Vulnerable to Auth Priv Escalation
CVE-2024-21066 4.2 - Medium - April 16, 2024

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).

Oracle Database Server Java VM Integrity Flaw 19.3-21.12 (CVE-2024-20903)
CVE-2024-20903 6.5 - Medium - February 17, 2024

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

Oracle Database Server Java VM 19.3-21.11 Privilege Escalation Vulnerability
CVE-2023-22096 4.3 - Medium - October 17, 2023

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Oracle DB Server 19.3-21.11 Recovery Manager DoS via Oracle Net
CVE-2023-22077 4.9 - Medium - October 17, 2023

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle DB Sharding CVE-2023-22075 High Privilege/Partial DoS
CVE-2023-22075 2.4 - Low - October 17, 2023

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).

Oracle Notification Server Unauth Access 19.3-21.11
CVE-2023-22073 4.3 - Medium - October 17, 2023

Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Oracle PL/SQL Net Exec Vulnerability 19.3-19.20 / 21.3-21.11
CVE-2023-22071 5.9 - Medium - October 17, 2023

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L).

Oracle Database Sharding Component Availability Impact (Partial DOS) in 19.x-21.x
CVE-2023-22074 2.4 - Low - October 17, 2023

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).

Oracle DB ADV NET Before 21.10 Unauth Net Attack
CVE-2023-21949 3.7 - Low - July 18, 2023

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Advanced Networking Option accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Oracle Database Server Vulnerable Unified Audit (19.3-21.10) Integrity Impact
CVE-2023-22034 4.9 - Medium - July 18, 2023

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

Oracle Database Java VM Vulnerability 19.3-21.10 (Low Privilege Exec)
CVE-2023-22052 3.1 - Low - July 18, 2023

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Oracle DB 19c/21c Java VM PrivEsc via TLS (CVE-2023-21934)
CVE-2023-21934 6.8 - Medium - April 18, 2023

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).

ODP.NET 19c/21c Vulnerability Allows Una-Auth Network Access (CVE-2023-21893)
CVE-2023-21893 7.5 - High - January 18, 2023

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Oracle DB 19c/21c Data Redaction Vulnerability CVE-2023-21827
CVE-2023-21827 4.3 - Medium - January 18, 2023

Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Oracle DB RDBMS Security low-priv create session exploit 19c/21c
CVE-2023-21829 6.3 - Medium - January 18, 2023

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).

Oracle DB 19c OSSMS RCE via HTTP unauthenticated Windows
CVE-2022-21606 6.1 - Medium - October 18, 2022

Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Services for Microsoft Transaction Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Services for Microsoft Transaction Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Services for Microsoft Transaction Server accessible data as well as unauthorized read access to a subset of Oracle Services for Microsoft Transaction Server accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

XSS

Oracle DB 19c Advanced Queuing: Vulnerability allows DBA takeover
CVE-2022-21596 7.2 - High - October 18, 2022

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server
CVE-2022-21432 2.7 - Low - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Enterprise Edition RDBMS Security. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Vulnerability in the Java VM component of Oracle Database Server
CVE-2022-21565 6.5 - Medium - July 19, 2022

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server
CVE-2022-21511 7.2 - High - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Recovery. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Recovery. Note: None of the supported versions are affected. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server
CVE-2022-21510 8.8 - High - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Database - Enterprise Edition Sharding executes to compromise Oracle Database - Enterprise Edition Sharding. While the vulnerability is in Oracle Database - Enterprise Edition Sharding, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. Note: None of the supported versions are affected. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35164 8.1 - High - July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35169 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

Improper Input Validation

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35168 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35167 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

Dell BSAFE Crypto-C Micro Edition
CVE-2020-29506 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Database Server or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

Oracle Database Server
Oracle Database Server

Oracle Database Server Oracle Database Server

Don't miss out!

By the Year

Recent Oracle Database Server Security Vulnerabilities

Unauth Java VM Exploit in Oracle DB Server 19c-23c CVE-2025-61881 5.9 - Medium - October 21, 2025

Oracle Database Server 23.x: Unified Audit Priv Escal via Oracle Net CVE-2025-61749 2.7 - Low - October 21, 2025

Oracle DB 23.4-23.9: RDBMS Functional Index Privilege Data Leak CVE-2025-53051 2.7 - Low - October 21, 2025

Oracle DB Server - Portable Clusterware Unauth Read via Bonjour (19.3-23.9) CVE-2025-53047 5.8 - Medium - October 21, 2025

Oracle DB Server Unified Audit INT Impact CVE-2025-30750 (19.3-23.8) CVE-2025-30750 2.4 - Low - July 15, 2025

Oracle Database 19.27/23.4-23.8: Low-Privileged Session Hijack via Oracle Net CVE-2025-30751 8.8 - High - July 15, 2025

Oracle DB MV CVE-2025-50066: Unauth Mod 19.3-23.8 CVE-2025-50066 2.7 - Low - July 15, 2025

Oracle DB Java VM RCE in 19.3-19.27, 21.3-21.18 CVE-2025-50069 7.7 - High - July 15, 2025

Oracle JDBC vulnerability 23.4-23.8: Auth OS user can access data CVE-2025-50070 5.3 - Medium - July 15, 2025

Oracle DB RDBMS Listener CVE-2025-30733 (19.3-23.7) Unauth Exp CVE-2025-30733 6.5 - Medium - April 15, 2025

Oracle DB 19/21/23 Java VM unauth RCE - CVE-2025-30736 CVE-2025-30736 7.4 - High - April 15, 2025

Oracle DB XML DB CVE-2025-30694: v19.3-23.7 low-priv User Access CVE-2025-30694 5.4 - Medium - April 15, 2025

Oracle Database RAS Security Escalation Vulnerability (19.3-23.7) CVE-2025-30701 7.3 - High - April 15, 2025

Oracle DB 19.3-19.26: Fleet Patching & Prov Unauth Read CVE-2025-30702 CVE-2025-30702 5.3 - Medium - April 15, 2025

Oracle Database Server Java VM PrivEsc via Create Session/Procedure CVE-2025-21553 4.2 - Medium - January 21, 2025

Oracle DB Core CVE-2024-21233 - Oracle Net RCE, 19.3-23.5 CVE-2024-21233 4.3 - Medium - October 15, 2024

XML Database Component in Oracle DB 19.3-23.5 Vulnerable to Remote DoS CVE-2024-21242 3.5 - Low - October 15, 2024

Oracle DB Server Java VM CVE-2024-21251 19.323.5 CVE-2024-21251 3.1 - Low - October 15, 2024

Oracle Database 19.3-23.4 Java VM Partial DOS Vulnerability CVE-2024-21174 3.1 - Low - July 16, 2024

Oracle Database Core 19.3-19.23 SYSDBA Logon Escalation CVE-2024-21123 2.3 - Low - July 16, 2024

Oracle DB Portable Clusterware: CVE-2024-21126 19.3-21.14 Vulnerability CVE-2024-21126 5.8 - Medium - July 16, 2024

Oracle Database 19.3-19.23 RDBMS Security exec privilege escalation CVE-2024-21184 7.2 - High - July 16, 2024

Oracle DB Sharding Partial DOS Vulnerability 19.3-22,21.3-13 CVE-2024-20995 2.4 - Low - April 16, 2024

Oracle DB Unified Audit Vulnerability (19.3-21.13) Privilege Escalation CVE-2024-21058 4.9 - Medium - April 16, 2024

Oracle DB RDBMS 19.3-19.22/21.3-21.13 Vulnerable to Auth Priv Escalation CVE-2024-21066 4.2 - Medium - April 16, 2024

Oracle Database Server Java VM Integrity Flaw 19.3-21.12 (CVE-2024-20903) CVE-2024-20903 6.5 - Medium - February 17, 2024

Oracle Database Server Java VM 19.3-21.11 Privilege Escalation Vulnerability CVE-2023-22096 4.3 - Medium - October 17, 2023

Oracle DB Server 19.3-21.11 Recovery Manager DoS via Oracle Net CVE-2023-22077 4.9 - Medium - October 17, 2023

Oracle DB Sharding CVE-2023-22075 High Privilege/Partial DoS CVE-2023-22075 2.4 - Low - October 17, 2023

Oracle Notification Server Unauth Access 19.3-21.11 CVE-2023-22073 4.3 - Medium - October 17, 2023

Oracle PL/SQL Net Exec Vulnerability 19.3-19.20 / 21.3-21.11 CVE-2023-22071 5.9 - Medium - October 17, 2023

Oracle Database Sharding Component Availability Impact (Partial DOS) in 19.x-21.x CVE-2023-22074 2.4 - Low - October 17, 2023

Oracle DB ADV NET Before 21.10 Unauth Net Attack CVE-2023-21949 3.7 - Low - July 18, 2023

Oracle Database Server Vulnerable Unified Audit (19.3-21.10) Integrity Impact CVE-2023-22034 4.9 - Medium - July 18, 2023

Oracle Database Java VM Vulnerability 19.3-21.10 (Low Privilege Exec) CVE-2023-22052 3.1 - Low - July 18, 2023

Oracle DB 19c/21c Java VM PrivEsc via TLS (CVE-2023-21934) CVE-2023-21934 6.8 - Medium - April 18, 2023

ODP.NET 19c/21c Vulnerability Allows Una-Auth Network Access (CVE-2023-21893) CVE-2023-21893 7.5 - High - January 18, 2023

Oracle DB 19c/21c Data Redaction Vulnerability CVE-2023-21827 CVE-2023-21827 4.3 - Medium - January 18, 2023

Oracle DB RDBMS Security low-priv create session exploit 19c/21c CVE-2023-21829 6.3 - Medium - January 18, 2023

Oracle DB 19c OSSMS RCE via HTTP unauthenticated Windows CVE-2022-21606 6.1 - Medium - October 18, 2022

Oracle DB 19c Advanced Queuing: Vulnerability allows DBA takeover CVE-2022-21596 7.2 - High - October 18, 2022

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server CVE-2022-21432 2.7 - Low - July 19, 2022

Vulnerability in the Java VM component of Oracle Database Server CVE-2022-21565 6.5 - Medium - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server CVE-2022-21511 7.2 - High - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server CVE-2022-21510 8.8 - High - July 19, 2022

Dell BSAFE Crypto-C Micro Edition CVE-2020-35164 8.1 - High - July 11, 2022

Dell BSAFE Crypto-C Micro Edition CVE-2020-35169 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition CVE-2020-35168 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition CVE-2020-35167 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition CVE-2020-29506 9.8 - Critical - July 11, 2022

Stay on top of Security Vulnerabilities

OracleVendor

Oracle Database ServerOracle Database Server

Unauth Java VM Exploit in Oracle DB Server 19c-23c
CVE-2025-61881 5.9 - Medium - October 21, 2025

Oracle Database Server 23.x: Unified Audit Priv Escal via Oracle Net
CVE-2025-61749 2.7 - Low - October 21, 2025

Oracle DB 23.4-23.9: RDBMS Functional Index Privilege Data Leak
CVE-2025-53051 2.7 - Low - October 21, 2025

Oracle DB Server - Portable Clusterware Unauth Read via Bonjour (19.3-23.9)
CVE-2025-53047 5.8 - Medium - October 21, 2025

Oracle DB Server Unified Audit INT Impact CVE-2025-30750 (19.3-23.8)
CVE-2025-30750 2.4 - Low - July 15, 2025

Oracle Database 19.27/23.4-23.8: Low-Privileged Session Hijack via Oracle Net
CVE-2025-30751 8.8 - High - July 15, 2025

Oracle DB MV CVE-2025-50066: Unauth Mod 19.3-23.8
CVE-2025-50066 2.7 - Low - July 15, 2025

Oracle DB Java VM RCE in 19.3-19.27, 21.3-21.18
CVE-2025-50069 7.7 - High - July 15, 2025

Oracle JDBC vulnerability 23.4-23.8: Auth OS user can access data
CVE-2025-50070 5.3 - Medium - July 15, 2025

Oracle DB RDBMS Listener CVE-2025-30733 (19.3-23.7) Unauth Exp
CVE-2025-30733 6.5 - Medium - April 15, 2025

Oracle DB 19/21/23 Java VM unauth RCE - CVE-2025-30736
CVE-2025-30736 7.4 - High - April 15, 2025

Oracle DB XML DB CVE-2025-30694: v19.3-23.7 low-priv User Access
CVE-2025-30694 5.4 - Medium - April 15, 2025

Oracle Database RAS Security Escalation Vulnerability (19.3-23.7)
CVE-2025-30701 7.3 - High - April 15, 2025

Oracle DB 19.3-19.26: Fleet Patching & Prov Unauth Read CVE-2025-30702
CVE-2025-30702 5.3 - Medium - April 15, 2025

Oracle Database Server Java VM PrivEsc via Create Session/Procedure
CVE-2025-21553 4.2 - Medium - January 21, 2025

Oracle DB Core CVE-2024-21233 - Oracle Net RCE, 19.3-23.5
CVE-2024-21233 4.3 - Medium - October 15, 2024

XML Database Component in Oracle DB 19.3-23.5 Vulnerable to Remote DoS
CVE-2024-21242 3.5 - Low - October 15, 2024

Oracle DB Server Java VM CVE-2024-21251 19.323.5
CVE-2024-21251 3.1 - Low - October 15, 2024

Oracle Database 19.3-23.4 Java VM Partial DOS Vulnerability
CVE-2024-21174 3.1 - Low - July 16, 2024

Oracle Database Core 19.3-19.23 SYSDBA Logon Escalation
CVE-2024-21123 2.3 - Low - July 16, 2024

Oracle DB Portable Clusterware: CVE-2024-21126 19.3-21.14 Vulnerability
CVE-2024-21126 5.8 - Medium - July 16, 2024

Oracle Database 19.3-19.23 RDBMS Security exec privilege escalation
CVE-2024-21184 7.2 - High - July 16, 2024

Oracle DB Sharding Partial DOS Vulnerability 19.3-22,21.3-13
CVE-2024-20995 2.4 - Low - April 16, 2024

Oracle DB Unified Audit Vulnerability (19.3-21.13) Privilege Escalation
CVE-2024-21058 4.9 - Medium - April 16, 2024

Oracle DB RDBMS 19.3-19.22/21.3-21.13 Vulnerable to Auth Priv Escalation
CVE-2024-21066 4.2 - Medium - April 16, 2024

Oracle Database Server Java VM Integrity Flaw 19.3-21.12 (CVE-2024-20903)
CVE-2024-20903 6.5 - Medium - February 17, 2024

Oracle Database Server Java VM 19.3-21.11 Privilege Escalation Vulnerability
CVE-2023-22096 4.3 - Medium - October 17, 2023

Oracle DB Server 19.3-21.11 Recovery Manager DoS via Oracle Net
CVE-2023-22077 4.9 - Medium - October 17, 2023

Oracle DB Sharding CVE-2023-22075 High Privilege/Partial DoS
CVE-2023-22075 2.4 - Low - October 17, 2023

Oracle Notification Server Unauth Access 19.3-21.11
CVE-2023-22073 4.3 - Medium - October 17, 2023

Oracle PL/SQL Net Exec Vulnerability 19.3-19.20 / 21.3-21.11
CVE-2023-22071 5.9 - Medium - October 17, 2023

Oracle Database Sharding Component Availability Impact (Partial DOS) in 19.x-21.x
CVE-2023-22074 2.4 - Low - October 17, 2023

Oracle DB ADV NET Before 21.10 Unauth Net Attack
CVE-2023-21949 3.7 - Low - July 18, 2023

Oracle Database Server Vulnerable Unified Audit (19.3-21.10) Integrity Impact
CVE-2023-22034 4.9 - Medium - July 18, 2023

Oracle Database Java VM Vulnerability 19.3-21.10 (Low Privilege Exec)
CVE-2023-22052 3.1 - Low - July 18, 2023

Oracle DB 19c/21c Java VM PrivEsc via TLS (CVE-2023-21934)
CVE-2023-21934 6.8 - Medium - April 18, 2023

ODP.NET 19c/21c Vulnerability Allows Una-Auth Network Access (CVE-2023-21893)
CVE-2023-21893 7.5 - High - January 18, 2023

Oracle DB 19c/21c Data Redaction Vulnerability CVE-2023-21827
CVE-2023-21827 4.3 - Medium - January 18, 2023

Oracle DB RDBMS Security low-priv create session exploit 19c/21c
CVE-2023-21829 6.3 - Medium - January 18, 2023

Oracle DB 19c OSSMS RCE via HTTP unauthenticated Windows
CVE-2022-21606 6.1 - Medium - October 18, 2022

Oracle DB 19c Advanced Queuing: Vulnerability allows DBA takeover
CVE-2022-21596 7.2 - High - October 18, 2022

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server
CVE-2022-21432 2.7 - Low - July 19, 2022

Vulnerability in the Java VM component of Oracle Database Server
CVE-2022-21565 6.5 - Medium - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server
CVE-2022-21511 7.2 - High - July 19, 2022

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server
CVE-2022-21510 8.8 - High - July 19, 2022

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35164 8.1 - High - July 11, 2022

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35169 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35168 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition
CVE-2020-35167 9.8 - Critical - July 11, 2022

Dell BSAFE Crypto-C Micro Edition
CVE-2020-29506 9.8 - Critical - July 11, 2022

Oracle
Vendor

Oracle Database Server
Oracle Database Server