Oracle Security Vulnerabilities (CVEs)

Track 700 security vulnerabilities affecting Oracle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

115 Critical
399 High
185 Medium
1 Low
CVE-2021-22883 7.5

Node.js servers are vulnerable to denial of service attacks when attackers establish numerous connections with unknown protocols, causing file descrip...

Mar 3, 2021
CVE-2021-25122 7.5

This vulnerability in Apache Tomcat allows HTTP/2 cleartext (h2c) connections to leak request data between users. When processing h2c requests, Tomcat...

Mar 1, 2021
CVE-2020-28491 7.5

This vulnerability in Jackson CBOR data format library allows attackers to cause denial of service through memory exhaustion by sending specially craf...

Feb 18, 2021
CVE-2021-23840 7.5

This OpenSSL vulnerability involves integer overflow in cryptographic functions (EVP_CipherUpdate, EVP_EncryptUpdate, EVP_DecryptUpdate) when processi...

Feb 16, 2021
CVE-2021-23337 7.2

Lodash versions before 4.17.21 contain a command injection vulnerability in the template function that allows attackers to execute arbitrary commands ...

Feb 15, 2021
CVE-2020-13949 7.5

This vulnerability in Apache Thrift allows malicious RPC clients to send specially crafted short messages that trigger excessive memory allocation, po...

Feb 12, 2021
CVE-2020-36242 9.1

This vulnerability in Python's cryptography package allows integer overflow and buffer overflow when encrypting multi-gigabyte values using symmetric ...

Feb 7, 2021
CVE-2020-29582 5.3

This vulnerability in JetBrains Kotlin before version 1.4.21 uses an insecure Java API for temporary file creation, allowing attackers to read sensiti...

Feb 3, 2021
CVE-2021-3345 7.8

This vulnerability is a heap-based buffer overflow in Libgcrypt's _gcry_md_block_write function when processing large count values during digest final...

Jan 29, 2021
CVE-2021-3326 7.5

This vulnerability in the GNU C Library's iconv function causes a program crash when processing invalid ISO-2022-JP-3 encoded input. It affects any ap...

Jan 27, 2021
CVE-2021-3156 7.8

CVE-2021-3156 is a heap-based buffer overflow vulnerability in Sudo that allows local users to escalate privileges to root. The exploit involves using...

Jan 26, 2021
CVE-2021-2129 7.9

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to compromise the virtualization software, potentially ...

Jan 20, 2021
CVE-2021-2114 8.2

This vulnerability in Oracle Common Applications Calendar allows unauthenticated attackers to access sensitive data and modify information via HTTP re...

Jan 20, 2021
CVE-2021-2118 8.2

This vulnerability in Oracle Marketing (part of Oracle E-Business Suite) allows unauthenticated attackers with network access via HTTP to compromise t...

Jan 20, 2021
CVE-2021-2100 9.1

This vulnerability in Oracle One-to-One Fulfillment allows unauthenticated attackers to remotely manipulate or access sensitive data via HTTP. It affe...

Jan 20, 2021
CVE-2021-2102 8.2

This vulnerability in Oracle Complex Maintenance, Repair, and Overhaul allows unauthenticated attackers to access and modify sensitive data via a dial...

Jan 20, 2021
CVE-2021-2104 8.2

This vulnerability in Oracle Complex Maintenance, Repair, and Overhaul allows unauthenticated attackers to access and modify sensitive data via a dial...

Jan 20, 2021
CVE-2021-2106 8.2

This vulnerability in Oracle Customer Interaction History allows unauthenticated attackers to access and modify sensitive data via HTTP. It affects Or...

Jan 20, 2021
CVE-2021-2108 9.8

CVE-2021-2108 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated remote attackers to execute arbitrary code and complet...

Jan 20, 2021
CVE-2021-2084 8.2

An unauthenticated attacker can exploit this vulnerability in Oracle CRM Technical Foundation via HTTP to gain unauthorized access to critical data or...

Jan 20, 2021
CVE-2021-2089 8.2

This vulnerability in Oracle iStore allows unauthenticated attackers to access sensitive data or modify information via HTTP requests. It affects Orac...

Jan 20, 2021
CVE-2021-2091 8.2

This vulnerability in Oracle Scripting (part of Oracle E-Business Suite) allows unauthenticated attackers to access and modify sensitive data via HTTP...

Jan 20, 2021
CVE-2021-2093 8.2

This vulnerability in Oracle Common Applications allows unauthenticated attackers to compromise the system via HTTP. It affects Oracle E-Business Suit...

Jan 20, 2021
CVE-2021-2096 8.2

This vulnerability in Oracle iStore allows unauthenticated attackers to access sensitive data and modify some data via HTTP requests. It affects Oracl...

Jan 20, 2021
CVE-2021-2098 8.2

This vulnerability in Oracle Email Center allows unauthenticated attackers to access sensitive data and modify information via HTTP requests. It affec...

Jan 20, 2021
CVE-2021-2071 8.1

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows an unauthenticated attacker with network access via HTTP to potentially compromi...

Jan 20, 2021
CVE-2021-2074 8.2

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual...

Jan 20, 2021
CVE-2021-2075 9.8

This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers to remotely execute arbitrary code and completely compromise af...

Jan 20, 2021
CVE-2021-2077 8.2

This vulnerability in Oracle iStore allows unauthenticated attackers to access sensitive data and modify information via HTTP. It affects Oracle E-Bus...

Jan 20, 2021
CVE-2021-2079 8.2

This vulnerability in Oracle Configurator allows unauthenticated attackers to access sensitive data and modify information via HTTP requests. It affec...

Jan 20, 2021
CVE-2021-2082 8.2

This vulnerability in Oracle iStore allows unauthenticated attackers to access sensitive data and modify some data through a web-based attack requirin...

Jan 20, 2021
CVE-2021-2062 7.6

This vulnerability in Oracle BI Publisher allows authenticated attackers with low privileges to exploit a flaw via HTTP requests that require user int...

Jan 20, 2021
CVE-2021-2064 9.8

CVE-2021-2064 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated remote attackers to execute arbitrary code and complet...

Jan 20, 2021
CVE-2021-2066 8.6

This vulnerability in Oracle Outside In Technology allows unauthenticated attackers with network access via HTTP to compromise systems using this SDK....

Jan 20, 2021
CVE-2021-2068 8.6

This vulnerability in Oracle Outside In Technology allows unauthenticated attackers with network access to manipulate or delete critical data, read se...

Jan 20, 2021
CVE-2021-2041 8.1

This vulnerability in Oracle Business Intelligence Enterprise Edition allows unauthenticated attackers with network access via HTTP to potentially com...

Jan 20, 2021
CVE-2021-2047 9.8

This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via IIOP or T3 protocols to completely comp...

Jan 20, 2021
CVE-2021-2049 7.6

This vulnerability in Oracle BI Publisher allows authenticated attackers with low privileges to access, modify, or delete sensitive data, and cause pa...

Jan 20, 2021
CVE-2021-2051 7.6

This vulnerability in Oracle BI Publisher allows authenticated attackers with low privileges to access, modify, or delete sensitive data, and cause pa...

Jan 20, 2021
CVE-2021-2054 7.2

This vulnerability in Oracle Database Server's RDBMS Sharding component allows high-privileged attackers with specific database privileges (Create Any...

Jan 20, 2021
CVE-2021-2025 8.2

An unauthenticated attacker can exploit this vulnerability in Oracle Business Intelligence Enterprise Edition via HTTP to gain unauthorized access to ...

Jan 20, 2021
CVE-2021-2027 8.2

This vulnerability in Oracle Marketing allows unauthenticated attackers with network access via HTTP to compromise the system, requiring human interac...

Jan 20, 2021
CVE-2021-2029 9.8

This critical vulnerability in Oracle Scripting allows unauthenticated attackers with network access via HTTP to completely compromise the component. ...

Jan 20, 2021
CVE-2021-2034 8.2

This vulnerability in Oracle Common Applications Calendar allows unauthenticated attackers to access sensitive data or modify information via HTTP req...

Jan 20, 2021
CVE-2021-2039 7.6

This vulnerability in Oracle Siebel CRM's Search component allows authenticated attackers with low privileges to gain unauthorized access to sensitive...

Jan 20, 2021
CVE-2021-2013 7.6

This vulnerability in Oracle BI Publisher allows low-privileged attackers with network access via HTTP to compromise the system. Successful exploitati...

Jan 20, 2021
CVE-2021-2015 8.2

This vulnerability in Oracle Workflow allows unauthenticated attackers to access sensitive data and modify information via HTTP requests. It affects O...

Jan 20, 2021
CVE-2021-2018 8.3

This vulnerability in Oracle Database Server's Advanced Networking Option allows unauthenticated attackers with network access via Oracle Net to poten...

Jan 20, 2021
CVE-2021-1994 9.8

An unauthenticated remote code execution vulnerability in Oracle WebLogic Server's Web Services component allows attackers to completely compromise af...

Jan 20, 2021
CVE-2021-1997 8.1

This vulnerability in Oracle Hospitality Reporting and Analytics allows low-privileged attackers with network access via HTTP to compromise the system...

Jan 20, 2021

Why Monitor Oracle Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 700+ known vulnerabilities affecting Oracle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Oracle packages in under 60 seconds. No agents required - completely agentless scanning that works across Oracle deployments.

Free vulnerability database: Access detailed information about every Oracle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Oracle CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions