- What is the oracle CNA?
- oracle is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 8,309 CVE records since 2008.
- How many CVEs has oracle published?
- oracle has published 8,309 CVE records, including 707 in the last two years.
- What is oracle's CVE data quality grade?
- RadicalNotion.AI grades oracle's CVE data quality as F, with an overall completeness score of 40.7%. This reflects how consistently its CVE records include vendor (60.3%), product (60.4%), CVSS (34.5%), and CWE (7.7%) information.
- What products does oracle publish CVEs for?
- oracle most frequently publishes CVEs for mysql, mysql-server, MySQL Server, jre, jdk.
- Which vendors does oracle cover?
- oracle publishes CVEs across 7 distinct vendors, most often Oracle Corporation, mysql, netapp, sun, canonical.
- Is oracle actively publishing CVEs?
- oracle is currently active, based on 707 CVEs in the last two years.
- What is the average severity of oracle's CVEs?
- The average CVSS base score across oracle's scored CVEs is 6.0.
- How many critical CVEs has oracle published?
- oracle has published 683 critical-severity CVEs and 2,022 high-severity CVEs.
- Are any of oracle's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 43 of oracle's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in oracle's CVEs?
- oracle's CVEs most often map to these CWE weakness types: CWE-284 (Improper Access Control), CWE-400 (Uncontrolled Resource Consumption), CWE-306 (Missing Authentication for Critical Function), CWE-863 (Incorrect Authorization).
- How does oracle rank among CNAs?
- By total CVE volume, oracle ranks #9 of 370 CNAs, and it reports more complete CVE records than 4% of all CNAs.