Oracle Security Vulnerabilities (CVEs)
Track 691 security vulnerabilities affecting Oracle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Oracle Essbase Analytic Provider Services allows unauthenticated attackers with network access via HTTP to compromise the servic...
Jul 21, 2021
This vulnerability in Oracle Essbase Analytic Provider Services allows unauthenticated attackers to cause a denial of service (DoS) by crashing or han...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software via...
Jul 21, 2021
This vulnerability in Oracle Coherence allows unauthenticated attackers with network access via T3 or IIOP protocols to potentially compromise the sys...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Jul 21, 2021
This vulnerability in Oracle Time and Labor allows authenticated attackers with low privileges to perform unauthorized data manipulation and access se...
Jul 21, 2021
This vulnerability in Oracle Advanced Inbound Telephony allows authenticated attackers with network access via HTTP to perform unauthorized data manip...
Jul 21, 2021
This vulnerability in Oracle Marketing allows unauthenticated attackers with network access via HTTP to compromise the system. It requires human inter...
Jul 21, 2021
This vulnerability in Oracle Marketing (part of Oracle E-Business Suite) allows unauthenticated attackers with network access via HTTP to compromise t...
Jul 21, 2021
This vulnerability in Oracle Database's Advanced Networking Option allows attackers to bypass network encryption protections and potentially compromis...
Jul 21, 2021
This vulnerability in Oracle Hyperion Essbase Administration Services allows unauthenticated attackers to remotely access sensitive data via HTTP. It ...
Jul 21, 2021
This vulnerability in Oracle Coherence allows unauthenticated attackers with network access via T3 or IIOP protocols to cause denial of service by cra...
Jul 21, 2021
This vulnerability in Oracle XML DB allows high-privileged attackers with network access via Oracle Net to compromise the XML DB component, potentiall...
Jul 21, 2021
This critical vulnerability in Oracle Commerce Platform's Dynamo Application Framework allows unauthenticated remote attackers to completely compromis...
Jul 21, 2021
This critical vulnerability in Oracle Business Intelligence Enterprise Edition allows unauthenticated attackers with network access via HTTP to comple...
Jul 21, 2021
This vulnerability in Oracle Identity Manager allows low-privileged attackers with network access via HTTP to compromise the system. Successful exploi...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Jul 21, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Jul 21, 2021
This vulnerability in Oracle Text allows high-privileged attackers with network access via Oracle Net to compromise the Oracle Text component. Success...
Jul 21, 2021
CVE-2021-35515 is a denial-of-service vulnerability in Apache Commons Compress's 7Z archive handling. When processing a specially crafted 7Z file, the...
Jul 13, 2021
CVE-2021-35517 is a denial-of-service vulnerability in Apache Commons Compress where specially crafted TAR archives can trigger excessive memory alloc...
Jul 13, 2021
A local privilege escalation vulnerability in Linux kernel versions before 5.9-rc1 allows attackers with local access to crash systems or gain root pr...
Jul 9, 2021
Spring Security OAuth 2.0 clients are vulnerable to denial-of-service attacks where attackers can exhaust system resources by repeatedly initiating au...
Jun 29, 2021
CVE-2021-32723 is a Regular Expression Denial of Service (ReDoS) vulnerability in Prism syntax highlighting library versions before 1.24.0. Attackers ...
Jun 28, 2021
CVE-2021-2322 is a critical vulnerability in OpenGrok web application that allows authenticated attackers with low privileges to completely compromise...
Jun 23, 2021
A denial-of-service vulnerability in Apache CXF's JsonMapObjectReaderWriter allows attackers to send specially crafted JSON payloads to web services, ...
Jun 16, 2021
This vulnerability in Apport's read_file() function allows local attackers to read arbitrary files by exploiting symbolic links or FIFOs. When used by...
Jun 12, 2021
CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the c...
Jun 11, 2021
CVE-2020-13950 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_proxy_http module that allows remote attackers to cause a denia...
Jun 10, 2021
CVE-2021-26690 is a NULL pointer dereference vulnerability in Apache HTTP Server's mod_session module that can be triggered by a specially crafted Coo...
Jun 10, 2021
CVE-2021-26691 is a critical heap overflow vulnerability in Apache HTTP Server that allows remote attackers to execute arbitrary code or cause denial ...
Jun 10, 2021
This vulnerability in Libgcrypt allows side-channel attacks against ElGamal encryption due to missing exponent blinding and inappropriate window size ...
Jun 8, 2021
CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting ...
Jun 2, 2021
A denial-of-service vulnerability exists in JSON Smart's indexOf function that allows attackers to crash applications via specially crafted JSON input...
Jun 1, 2021
CVE-2021-3516 is a use-after-free vulnerability in libxml2's xmllint tool that allows attackers to execute arbitrary code or cause denial of service b...
Jun 1, 2021
This vulnerability allows a locally authenticated malicious user to escalate privileges in Spring Framework WebFlux applications by manipulating tempo...
May 27, 2021
A use-after-free vulnerability in libxml2 versions before 2.9.11 allows attackers to submit crafted XML files to applications using this library, pote...
May 18, 2021
CVE-2020-35198 is a critical integer overflow vulnerability in Wind River VxWorks 7's memory allocator that allows attackers to cause memory corruptio...
May 12, 2021
The Python ipaddress library incorrectly interprets IP addresses with leading zeros in octets, treating them as octal numbers instead of decimal. This...
May 6, 2021
This vulnerability in BIND DNS servers allows remote attackers to cause denial of service by sending specially crafted DNS queries that trigger an ass...
Apr 29, 2021
Apache Maven follows repository references defined in dependency POM files, allowing malicious actors to redirect builds to compromised repositories. ...
Apr 23, 2021
This critical vulnerability in Oracle Platform Security for Java allows unauthenticated attackers with network access via HTTP to completely compromis...
Apr 22, 2021
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to compromise the virtualization sof...
Apr 22, 2021
This vulnerability in Oracle Application Object Library allows authenticated attackers with low privileges to perform unauthorized data manipulation a...
Apr 22, 2021
This vulnerability in Oracle HRMS (France) allows authenticated attackers with low privileges to perform unauthorized data manipulation and access via...
Apr 22, 2021
An unauthenticated remote attacker can exploit this vulnerability in Oracle Cloud Infrastructure Storage Gateway's Management Console via HTTP to comp...
Apr 22, 2021
A high-severity vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console allows authenticated attackers with network access via...
Apr 22, 2021
This vulnerability in Oracle Purchasing (part of Oracle E-Business Suite) allows authenticated attackers with network access via HTTPS to perform unau...
Apr 22, 2021
Why Monitor Oracle Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 691+ known vulnerabilities affecting Oracle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Oracle packages in under 60 seconds. No agents required - completely agentless scanning that works across Oracle deployments.
Free vulnerability database: Access detailed information about every Oracle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Oracle CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions