Vulnerabilities in Oracle Corporation

5,160 results
Vexday analysis

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2020-14725MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 anEPSS 1.8%CVE-2020-2776HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affecEPSS 1.8%CVE-2020-2859HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Supported versions that are affectEPSS 1.8%CVE-2019-2768Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The EPSS 1.8%CVE-2017-3545Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Supported versions that are aEPSS 1.8%CVE-2017-10040Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that EPSS 1.8%CVE-2017-10360Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that EPSS 1.8%CVE-2020-14634LOWVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. EaEPSS 1.8%CVE-2018-3262Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versionEPSS 1.8%CVE-2021-2244CRITICALVulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider ServicesEPSS 1.8%CVE-2022-21485LOWVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 anEPSS 1.8%CVE-2022-21303MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.EPSS 1.8%CVE-2022-21304MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and pEPSS 1.8%CVE-2017-10282Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily EPSS 1.7%CVE-2022-21626MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions tEPSS 1.7%CVE-2018-3163Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency ResponEPSS 1.7%CVE-2018-2706Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). SuppoEPSS 1.7%CVE-2018-2648Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). SEPSS 1.7%CVE-2018-2705Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported veEPSS 1.7%CVE-2018-2978Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versiEPSS 1.7%