
Oracle Critical Patch Update Addresses 405 New Security Vulnerabilities – April 2020

Oracle released an emergency security update for another critical remote code execution vulnerability that a remote attacker can exploit to gain control over the system.

Oracle released a pre-release announcement on Tuesday, April 14, 2020. The patch update addresses 405 new security vulnerabilities.

Here is the list of updated products. Oracle recommends that customers apply the critical patch as soon as possible.

Here is the list of affected products

9 new security vulnerabilities were patched in Oracle Database Server. Of these, 2 can be exploited by a remote attacker without authentication.

The update covers 1 critical security vulnerability in Oracle Global Lifecycle Management; attackers can exploit it with only user credentials.

1 vulnerability in Oracle Secure Backup is patched; attackers can exploit it remotely without authentication.

Oracle Communications Applications receives a high number of fixes: 39 security patches in total, of which 35 can be exploited remotely without authentication.

Oracle Construction and Engineering receives patches for 12 security vulnerabilities, of which 9 can be exploited remotely without authentication.

Among the others, Oracle E-Business Suite receives a high number of patches: 74 security patches in total, 71 of which can be exploited remotely.

Oracle Financial Services Applications receives 34 new security patches, and Oracle Fusion Middleware receives 56 new security patches.

The update covers 45 new security vulnerabilities in Oracle MySQL, and the Oracle virtualization server receives patches for 19 security vulnerabilities.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
