
Oracle Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Oracle products.

31 known CVE vulnerabilities tracked

Critical: 1
High: 3
Medium: 23
Low: 4
None: 0


All Oracle CVEs

CVE-2022-21282
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows un

GraalVM Jan 19, 2022

CVE-2022-21277
5.3 medium

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticat

GraalVM Jan 19, 2022

CVE-2021-35556
5.3 medium

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated att

GraalVM Oct 20, 2021

CVE-2016-0778
8.1 high

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-b

Linux Jan 14, 2016

CVE-2015-2808
10.0 critical

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that

Communications Application Session Controller Apr 1, 2015

CVE-2014-2532
4.2 medium

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Communications User Data Repository Mar 18, 2014

CVE-2013-2566
5.9 medium

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Communications Application Session Controller Mar 15, 2013