Oracle Security Vulnerabilities (CVEs)
Track 688 security vulnerabilities affecting Oracle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows unauthenticated attackers to cause a denial of service (DoS) on MySQL Server running on Windows by crashing or hanging the s...
Oct 20, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software via...
Oct 20, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software thr...
Oct 20, 2021
This vulnerability in Oracle Mobile Field Service allows authenticated attackers with low privileges to perform unauthorized data manipulation and acc...
Oct 20, 2021
This vulnerability in Oracle Applications Manager allows authenticated attackers with low privileges to perform unauthorized data manipulation and acc...
Oct 20, 2021
This vulnerability in Oracle Universal Work Queue allows authenticated attackers with low privileges to perform unauthorized data manipulation and acc...
Oct 20, 2021
This vulnerability in Oracle Java SE 8u301 allows an unauthenticated attacker to potentially compromise Java deployments via network protocols when a ...
Oct 20, 2021
This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticated attackers with low privileges to perform unautho...
Oct 20, 2021
This vulnerability in Oracle VM VirtualBox allows a low-privileged local attacker to gain full control of the virtualization software, potentially com...
Oct 20, 2021
This vulnerability in Oracle Deal Management allows authenticated attackers with low privileges to perform unauthorized data manipulation and access s...
Oct 20, 2021
This vulnerability in Oracle Operations Intelligence allows authenticated attackers with low privileges to perform unauthorized data manipulation and ...
Oct 20, 2021
This vulnerability in Oracle Payables allows authenticated attackers with low privileges to perform unauthorized data manipulation and access sensitiv...
Oct 20, 2021
This vulnerability in Oracle Communications Interactive Session Recorder allows unauthenticated attackers to remotely manipulate data, read sensitive ...
Oct 20, 2021
This vulnerability in Oracle Web Analytics allows low-privileged attackers with network access via HTTP to compromise the system, potentially leading ...
Oct 20, 2021
This vulnerability in Oracle Enterprise Manager's Policy Framework allows authenticated attackers with low privileges to gain complete control over th...
Oct 20, 2021
CVE-2021-37136 is a denial-of-service vulnerability in Netty's Bzip2Decoder that allows attackers to trigger out-of-memory errors by sending specially...
Oct 19, 2021
CVE-2021-42575 is a critical vulnerability in the OWASP Java HTML Sanitizer that allows bypassing HTML sanitization policies for SELECT, STYLE, and OP...
Oct 18, 2021
CVE-2021-42013 is a critical path traversal vulnerability in Apache HTTP Server that allows attackers to access files outside configured directories. ...
Oct 7, 2021
This vulnerability allows attackers with access to openjdk containers to modify the /etc/passwd file, enabling privilege escalation. It affects openjd...
Oct 6, 2021
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows attackers to access files outside configured directories. If...
Oct 5, 2021
This CVE describes an integer overflow vulnerability in Redis' hiredis library that affects redis-cli and redis-sentinel when parsing large multi-bulk...
Oct 4, 2021
CVE-2021-41099 is an integer overflow vulnerability in Redis' string library that allows heap corruption when the proto-max-bulk-len configuration is ...
Oct 4, 2021
CVE-2021-32627 is an integer overflow vulnerability in Redis that allows remote attackers to corrupt heap memory by setting configuration parameters t...
Oct 4, 2021
CVE-2021-32675 is a memory allocation vulnerability in Redis where specially crafted RESP protocol requests can cause excessive memory consumption, po...
Oct 4, 2021
CVE-2021-41303 is an authentication bypass vulnerability in Apache Shiro when used with Spring Boot. A specially crafted HTTP request can allow attack...
Sep 17, 2021
CVE-2021-36160 is an out-of-bounds read vulnerability in Apache HTTP Server's mod_proxy_uwsgi module. A specially crafted URI path can cause the serve...
Sep 16, 2021
CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution ...
Sep 16, 2021
CVE-2021-23440 is a type confusion vulnerability in the set-value npm package that allows attackers to bypass previous security fixes (CVE-2019-10747)...
Sep 12, 2021
This vulnerability in the npm tar package allows attackers to bypass symlink checks by exploiting Unicode normalization and Windows short path behavio...
Aug 31, 2021
This vulnerability in @npmcli/arborist allows attackers to write arbitrary files to any location on case-insensitive filesystems by exploiting case-se...
Aug 31, 2021
This OpenSSL vulnerability allows attackers to cause buffer overruns when applications directly construct ASN.1 strings without proper NUL termination...
Aug 24, 2021
CVE-2021-39150 is a deserialization vulnerability in XStream library that allows remote attackers to access internal resources by manipulating XML inp...
Aug 23, 2021
CVE-2021-39154 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...
Aug 23, 2021
CVE-2021-39144 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers with sufficient privileges can execute ar...
Aug 23, 2021
CVE-2021-39146 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...
Aug 23, 2021
CVE-2021-39148 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...
Aug 23, 2021
CVE-2021-39151 is a remote code execution vulnerability in XStream library versions before 1.4.18. Attackers can manipulate XML input to execute arbit...
Aug 23, 2021
CVE-2021-39139 is a remote code execution vulnerability in XStream library that allows attackers to execute arbitrary code by manipulating XML input s...
Aug 23, 2021
CVE-2021-35940 is an out-of-bounds read vulnerability in Apache Portable Runtime (APR) 1.7.x branch that allows reading memory beyond allocated array ...
Aug 23, 2021
Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers ca...
Aug 16, 2021
CVE-2021-22940 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to potentially execu...
Aug 16, 2021
CVE-2021-33193 is an HTTP/2 request smuggling vulnerability in Apache HTTP Server's mod_proxy module. Attackers can send specially crafted HTTP/2 requ...
Aug 16, 2021
CVE-2021-37695 is a cross-site scripting (XSS) vulnerability in CKEditor 4's Fake Objects plugin that allows attackers to inject malicious HTML that c...
Aug 13, 2021
CVE-2021-32808 is a cross-site scripting (XSS) vulnerability in CKEditor 4 that allows attackers to execute arbitrary JavaScript code by exploiting a ...
Aug 12, 2021
This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running i...
Aug 5, 2021
The npm tar package before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary file creation/overwrite vulnerability due to insufficient sanitiz...
Aug 3, 2021
This vulnerability in Ruby's Net::IMAP library allows man-in-the-middle attackers to bypass TLS encryption by blocking StartTLS commands, potentially ...
Aug 1, 2021
This vulnerability in RDoc (Ruby's documentation generator) allows arbitrary code execution when processing filenames containing pipe (|) or backtick ...
Jul 30, 2021
This critical vulnerability in Oracle Secure Global Desktop 5.6 allows unauthenticated attackers to remotely compromise the system via multiple networ...
Jul 21, 2021
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to cause denial of service, modify data, or read sensit...
Jul 21, 2021
Why Monitor Oracle Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 688+ known vulnerabilities affecting Oracle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Oracle packages in under 60 seconds. No agents required - completely agentless scanning that works across Oracle deployments.
Free vulnerability database: Access detailed information about every Oracle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Oracle CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions