ojdbc7 is vulnerable to remote code execution (RCE). The vulnerability exists in the JDBC component of the Oracle Database Server.
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.securityfocus.com/bid/91787
www.securityfocus.com/bid/91867
www.securitytracker.com/id/1036363