Oracle Security Vulnerabilities (CVEs)
Track 682 security vulnerabilities affecting Oracle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges...
Feb 16, 2022
A netfilter flaw allows network-connected attackers to infer OpenVPN connection endpoint information by analyzing network traffic patterns. This affec...
Feb 16, 2022
CVE-2021-3551 is a credential exposure vulnerability in Dogtag PKI-server where the spkispawn command, when run in debug mode, stores admin credential...
Feb 16, 2022
CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass securit...
Feb 16, 2022
This vulnerability in Python's urllib.parse module allows injection attacks via crafted URLs containing carriage return (\r) or line feed (\n) charact...
Feb 9, 2022
CVE-2021-4034 (PwnKit) is a local privilege escalation vulnerability in polkit's pkexec utility that allows unprivileged local users to gain root priv...
Jan 28, 2022
This CVE describes a time-of-check-time-of-use (TOCTOU) vulnerability in Apache Tomcat that allows local attackers to escalate privileges. The vulnera...
Jan 27, 2022
CVE-2022-23990 is an integer overflow vulnerability in Expat (libexpat) XML parser library that can lead to denial of service or arbitrary code execut...
Jan 26, 2022
CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is c...
Jan 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on H2 Database Console by exploiting a flaw in JDBC URL parsing. Attackers can cr...
Jan 19, 2022
This vulnerability in Oracle Communications Operations Monitor allows high-privileged attackers with network access via HTTP to completely compromise ...
Jan 19, 2022
CVE-2022-21371 is a local file inclusion vulnerability in Oracle WebLogic Server's web container that allows unauthenticated attackers with network ac...
Jan 19, 2022
This vulnerability in Oracle Enterprise Session Border Controller's WebUI allows authenticated attackers with low privileges to modify or delete criti...
Jan 19, 2022
This critical vulnerability in Oracle Communications Billing and Revenue Management allows unauthenticated attackers to remotely execute code and comp...
Jan 19, 2022
This critical vulnerability in Oracle Communications Billing and Revenue Management allows authenticated attackers with network access via HTTP to com...
Jan 19, 2022
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes...
Jan 19, 2022
This vulnerability in Oracle BI Publisher allows unauthenticated attackers with network access via HTTP to access sensitive data. It affects Oracle BI...
Jan 19, 2022
CVE-2022-21306 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated attackers with network access via the T3 protocol to ...
Jan 19, 2022
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to access sensitive data. It affects WebLog...
Jan 19, 2022
This vulnerability allows unauthenticated attackers with network access via HTTP to access sensitive data in Oracle PeopleSoft Enterprise CS SA Integr...
Jan 19, 2022
This vulnerability in Oracle Communications Billing and Revenue Management allows unauthenticated attackers to remotely access sensitive data via HTTP...
Jan 19, 2022
This vulnerability in Oracle Project Costing allows authenticated attackers with low privileges to manipulate critical data via HTTP requests. Attacke...
Jan 19, 2022
This critical vulnerability in Oracle Communications Billing and Revenue Management allows unauthenticated attackers with network access via HTTP to c...
Jan 19, 2022
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server crashes...
Jan 19, 2022
This vulnerability in Oracle Trade Management allows authenticated attackers with low privileges to perform unauthorized data manipulation and access ...
Jan 19, 2022
This vulnerability in Oracle Configurator (part of Oracle E-Business Suite) allows authenticated attackers with low privileges to perform unauthorized...
Jan 19, 2022
This critical vulnerability in Oracle Access Manager allows unauthenticated attackers to remotely compromise the system via HTTP requests, potentially...
Jan 19, 2022
A race condition vulnerability in the Linux kernel's Unix domain socket garbage collection allows local users to trigger a read-after-free memory flaw...
Jan 18, 2022
CVE-2022-23305 is an SQL injection vulnerability in Log4j 1.2.x's JDBCAppender that allows attackers to execute arbitrary SQL queries by injecting mal...
Jan 18, 2022
A buffer overflow vulnerability in glibc's sunrpc module allows attackers to execute arbitrary code or cause denial of service. This affects applicati...
Jan 14, 2022
CVE-2021-42392 is a critical remote code execution vulnerability in H2 Database where attackers can exploit JNDI injection through the database driver...
Jan 10, 2022
This vulnerability in protobuf-java allows attackers to craft malicious Protocol Buffer messages that cause excessive CPU consumption through parser i...
Jan 10, 2022
A vulnerability in Wireshark's RFC 7468 dissector allows attackers to cause a denial of service crash via specially crafted network packets or capture...
Dec 30, 2021
This vulnerability in Wireshark's BitTorrent DHT dissector allows attackers to cause a denial of service (DoS) by triggering an infinite loop. Attacke...
Dec 30, 2021
This vulnerability in Apache HTTP Server allows attackers to crash the server via NULL pointer dereference or perform Server-Side Request Forgery (SSR...
Dec 20, 2021
CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configur...
Dec 14, 2021
CVE-2021-43527 is a critical heap overflow vulnerability in NSS (Network Security Services) that allows remote code execution when processing maliciou...
Dec 8, 2021
CVE-2021-42717 is a denial-of-service vulnerability in ModSecurity's JSON parser where excessively nested JSON objects cause excessive CPU consumption...
Dec 7, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Oct 20, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It...
Oct 20, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software via...
Oct 20, 2021
This vulnerability allows unauthenticated attackers with network access via HTTP to cause a denial of service (DoS) by crashing or hanging Oracle Essb...
Oct 20, 2021
This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software via...
Oct 20, 2021
This vulnerability in Oracle Essbase Administration Services allows authenticated attackers with low privileges to access and modify sensitive data vi...
Oct 20, 2021
This critical vulnerability in Oracle Essbase Administration Services allows unauthenticated attackers with network access via HTTP to completely comp...
Oct 20, 2021
This vulnerability in Oracle Database Server's Java VM component allows attackers with low privileges (Create Procedure access) and network access via...
Oct 20, 2021
This critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via IIOP to completely compromise the serve...
Oct 20, 2021
This vulnerability in MySQL Server's optimizer component allows authenticated attackers with network access to cause denial of service (server hangs o...
Oct 20, 2021
This vulnerability in Oracle Database Server's Zero Downtime DB Migration to Cloud component allows high-privileged local attackers to completely comp...
Oct 20, 2021
This vulnerability in Oracle Incentive Compensation allows authenticated attackers with low privileges to perform unauthorized data manipulation and a...
Oct 20, 2021
Why Monitor Oracle Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 682+ known vulnerabilities affecting Oracle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Oracle packages in under 60 seconds. No agents required - completely agentless scanning that works across Oracle deployments.
Free vulnerability database: Access detailed information about every Oracle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Oracle CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions