Vulnerabilities in Oracle Corporation

5,160 results
Vexday analysis

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2019-2761Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). SuppoEPSS 1.1%CVE-2018-2719Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subEPSS 1.1%CVE-2018-2626Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: UseEPSS 1.1%CVE-2024-20961MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 aEPSS 1.1%CVE-2017-10181Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Forgot Password). SupEPSS 1.1%CVE-2018-2699Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08EPSS 1.1%CVE-2018-2716Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (sEPSS 1.1%CVE-2024-20985MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and priEPSS 1.1%CVE-2018-2682Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: EPSS 1.1%CVE-2018-2712Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (sEPSS 1.1%CVE-2018-2714Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User InterfaceEPSS 1.1%CVE-2024-20963MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected aEPSS 1.1%CVE-2018-2567Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: PortaEPSS 1.1%CVE-2020-2983HIGHVulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions tEPSS 1.1%CVE-2020-2982HIGHVulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). SupporEPSS 1.1%CVE-2022-21418MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. DiEPSS 1.1%CVE-2017-3307Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affeEPSS 1.1%CVE-2021-2013HIGHVulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that areEPSS 1.1%CVE-2021-2049HIGHVulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affectEPSS 1.1%CVE-2021-2051HIGHVulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that arEPSS 1.1%