Vulnerabilities in Oracle Corporation

5,160 results
Vexday analysis

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2025-30701HIGHVulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and EPSS 0.4%CVE-2024-20956HIGHVulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). SupporEPSS 0.4%CVE-2026-34279CRITICALVulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported EPSS 0.4%CVE-2025-53054MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0EPSS 0.4%CVE-2025-53053MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, EPSS 0.4%CVE-2019-2444Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploEPSS 0.4%CVE-2017-10219Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions tEPSS 0.4%CVE-2022-21580MEDIUMVulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: EPSS 0.4%CVE-2024-21084MEDIUMVulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected areEPSS 0.4%CVE-2017-10056Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The sEPSS 0.4%CVE-2017-10169Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported EPSS 0.4%CVE-2022-39420MEDIUMVulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versiEPSS 0.4%CVE-2024-21279HIGHVulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.EPSS 0.4%CVE-2024-21282HIGHVulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affecEPSS 0.4%CVE-2024-21278HIGHVulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes).EPSS 0.4%CVE-2018-2923Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The suEPSS 0.4%CVE-2026-35276HIGHVulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Application Server). Supported versions EPSS 0.4%CVE-2024-21266HIGHVulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affectEPSS 0.4%CVE-2023-21908MEDIUMVulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn JournEPSS 0.4%CVE-2020-14889MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is PrioEPSS 0.4%