Oracle Security Vulnerabilities (CVEs)
Track 702 security vulnerabilities affecting Oracle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This is a buffer overflow vulnerability in Python's ctypes module that could allow remote code execution. It affects Python applications that process ...
Jan 19, 2021
This vulnerability in XMLBeans XML parsers allows attackers to perform XML Entity Expansion (XXE) attacks by submitting malicious XML input. It affect...
Jan 14, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 7, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...
Jan 7, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. It affects applications using...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Jan 6, 2021
This CVE describes a use-after-free vulnerability in Node.js TLS implementation that can lead to memory corruption. Attackers could exploit this to ca...
Jan 6, 2021
CVE-2020-27844 is an out-of-bounds write vulnerability in OpenJPEG's t2.c file that allows attackers to compromise confidentiality, integrity, and ava...
Jan 5, 2021
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Dec 27, 2020
This vulnerability in FasterXML jackson-databind allows remote code execution through deserialization of untrusted data. Attackers can exploit the int...
Dec 17, 2020
Dell BSAFE Micro Edition Suite versions before 4.5 contain a buffer under-read vulnerability that allows unauthenticated remote attackers to cause und...
Dec 16, 2020
This vulnerability is a heap-based buffer overflow in p11-kit's RPC protocol that allows remote attackers to execute arbitrary code or cause denial of...
Dec 16, 2020
CVE-2020-8285 is a stack overflow vulnerability in curl's FTP wildcard parsing that allows remote attackers to crash applications or potentially execu...
Dec 14, 2020
This vulnerability in Apache Struts allows attackers to perform remote code execution by forcing OGNL evaluation on raw user input in tag attributes. ...
Dec 11, 2020
This vulnerability in Google Guava's createTempDir() method creates temporary directories with world-readable permissions on Unix-like systems, allowi...
Dec 10, 2020
This CVE describes a use-after-free vulnerability in the Linux kernel's tty subsystem that allows attackers to potentially escalate privileges or cras...
Dec 9, 2020
CVE-2020-29651 is a denial-of-service vulnerability in the py library's py.path.svnwc component. Attackers can cause excessive CPU consumption by supp...
Dec 9, 2020
CVE-2020-25649 is an XML external entity (XXE) vulnerability in FasterXML Jackson Databind that allows attackers to read arbitrary files from the serv...
Dec 3, 2020
This SQL injection vulnerability in Hibernate Core allows attackers to inject malicious SQL through JPA Criteria API comments, potentially accessing u...
Dec 2, 2020
This vulnerability in MIT Kerberos 5 allows remote attackers to cause a denial of service (DoS) via unbounded recursion when processing specially craf...
Nov 6, 2020
CVE-2020-14750 is a critical remote code execution vulnerability in Oracle WebLogic Server's Administration Console. Unauthenticated attackers can exp...
Nov 2, 2020
This vulnerability in Python's test suite allows remote code execution via eval() on untrusted HTTP content. It affects Python 3 through 3.9.0 when ru...
Oct 22, 2020
CVE-2020-14882 is a critical remote code execution vulnerability in Oracle WebLogic Server's Administration Console. Unauthenticated attackers can exp...
Oct 21, 2020
This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authentication Module (PAM) that allows unauthenticated remot...
Oct 21, 2020
This vulnerability in Oracle Marketing allows unauthenticated attackers to remotely manipulate or access sensitive data via HTTP. It affects Oracle E-...
Oct 21, 2020
CVE-2020-14855 is a critical vulnerability in Oracle Universal Work Queue component of Oracle E-Business Suite that allows unauthenticated attackers t...
Oct 21, 2020
CVE-2020-14859 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely comprom...
Oct 21, 2020
CVE-2020-14841 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to remotely execute arbitrary code via the ...
Oct 21, 2020
CVE-2020-14825 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely comprom...
Oct 21, 2020
This vulnerability in Oracle E-Business Suite Secure Enterprise Search allows unauthenticated attackers with network access via HTTP to compromise the...
Oct 21, 2020
CVE-2019-0230 is a remote code execution vulnerability in Apache Struts where forced double OGNL evaluation on raw user input in tag attributes allows...
Sep 14, 2020
This vulnerability in Apache ActiveMQ allows remote attackers to execute arbitrary code by exploiting a JMX re-bind regression. Attackers can bypass a...
Sep 10, 2020
CVE-2020-25020 is an XML External Entity (XXE) vulnerability in MPXJ library versions through 8.1.3. It allows attackers to read arbitrary files from ...
Aug 29, 2020
CVE-2020-1472 (Zerologon) is a critical authentication bypass vulnerability in Microsoft's Netlogon protocol that allows unauthenticated attackers to ...
Aug 17, 2020
CVE-2020-11984 is a critical vulnerability in Apache HTTP Server's mod_proxy_uwsgi module that allows attackers to disclose sensitive information and ...
Aug 7, 2020
CVE-2020-5413 is a critical deserialization vulnerability in Spring Integration's Kryo Codec implementation that allows remote code execution when pro...
Jul 31, 2020
This critical vulnerability in Oracle SD-WAN Aware 8.2 allows unauthenticated attackers to remotely compromise the system via HTTP. Attackers can achi...
Jul 15, 2020
This critical vulnerability in Oracle GoldenGate's Process Management component allows unauthenticated attackers on the same network segment to comple...
Jul 15, 2020
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via IIOP or T3 protocols to remotely execute arbitra...
Jul 15, 2020
This critical vulnerability in Oracle Trade Management allows unauthenticated attackers to remotely manipulate or access sensitive data via HTTP. It a...
Jul 15, 2020
This is an unauthenticated remote code execution vulnerability in Oracle Marketing component of Oracle E-Business Suite. Attackers can access, modify,...
Jul 15, 2020
CVE-2020-14644 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely comprom...
Jul 15, 2020
CVE-2020-14625 is a critical remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to completely comprom...
Jul 15, 2020
This critical vulnerability in Oracle SD-WAN Edge allows unauthenticated attackers with network access via HTTP to completely compromise the device. I...
Jul 15, 2020
This vulnerability in Oracle CRM Gateway for Mobile Devices allows unauthenticated attackers with network access via HTTP to compromise the system. It...
Jul 15, 2020
This vulnerability allows attackers to bypass authentication in Apache Spark's standalone resource manager and execute arbitrary shell commands on the...
Jun 23, 2020
This vulnerability allows unauthenticated remote attackers to gain superuser privileges on affected TIBCO JasperReports Server installations. Attacker...
May 20, 2020
Apache Camel RabbitMQ component has insecure default configuration that enables Java deserialization, allowing remote code execution. This affects Apa...
May 14, 2020
Why Monitor Oracle Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 702+ known vulnerabilities affecting Oracle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Oracle packages in under 60 seconds. No agents required - completely agentless scanning that works across Oracle deployments.
Free vulnerability database: Access detailed information about every Oracle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Oracle CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions