VDB

GCVE-110-NCSC-2025-20

GCVE-110-NCSC-2025-20
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published January 22, 2025
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.

Weaknesses (CWE)

CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')CWE-190Integer Overflow or WraparoundCWE-502Deserialization of Untrusted DataCWE-400Uncontrolled Resource ConsumptionCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-391Unchecked Error ConditionCWE-427Uncontrolled Search Path ElementCWE-20Improper Input ValidationCWE-191Integer Underflow (Wrap or Wraparound)CWE-222Truncation of Security-relevant InformationCWE-787Out-of-bounds WriteCWE-276Incorrect Default PermissionsCWE-440Expected Behavior ViolationCWE-1333Inefficient Regular Expression ComplexityCWE-1286Improper Validation of Syntactic Correctness of InputCWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-284Improper Access ControlCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-922Insecure Storage of Sensitive InformationCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-404Improper Resource Shutdown or ReleaseCWE-611Improper Restriction of XML External Entity ReferenceCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer DereferenceCWE-703Improper Check or Handling of Exceptional ConditionsCWE-466Return of Pointer Value Outside of Expected RangeCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
oracleapplication_express
oraclegoldengate
oraclesecure_backup
oraclegoldengate_big_data_and_application_adapters
oracledatabase_-_graalvm_multilingual_engine
oracledatabase_migration_assistant_for_unicode
oracledatabase_-_data_mining
oraclerest_data_services
oraclegraal_development_kit_for_micronaut
oracledatabase_server

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›