Tuesday, December 24, 2024
HomeVulnerabilityOracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

Oracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

Published on

SIEM as a Service

Oracle has released a list of security patches for more than 130+ products. These products were used in several industries, including banking, communication, enterprise, development, and others. 

Oracle has released the severity rating and categorized them as critical, high, medium, and low based on their CVSS 3.1 score. Over 508 new security patches and CVE IDs were released, of which 76 of them had Critical severity.

Patches and Products

The latest update for Oracle Financial Services Applications included approximately 147 patches, with 115 of them being susceptible to remote exploitation through network access.

- Advertisement - SIEM as a Service

This update addressed over 18 high-risk vulnerabilities that were deemed critical.

Oracle Communications recently received 77 security patches, with 57 of them being remotely exploitable.

Among these patches, there were over 10 critical severity vulnerabilities and 41 high severity vulnerabilities that have been successfully patched.

Recently, Oracle Fusion Middleware was patched with 60 security updates, 40 of which were identified as remotely exploitable. Among these updates, 9 were considered critical and 24 were deemed of high severity.

There are a total of 40 security patches for Oracle Communications Applications, out of which 30 can be exploited remotely. Analytics has 32 security patches, with 23 vulnerabilities that can also be exploited remotely.

MySQL has 21 security patches, with 11 of them remotely exploitable. Furthermore, a dozen products and third-party patches were released by Oracle. These products were related to JavaSE, Retail applications, Construction engineering, E-Business Suite, PeopleSoft, Siebel, etc.

In addition to these, several lists of CVE IDs with High, medium, and low severities were released by Oracle as part of its July 2023 patch.

For detailed information on the affected products, CVE IDs, fixed versions, and CVSS base score, please follow the Oracle security advisory.

Users of these products are recommended to upgrade to the latest version to prevent threat actors from exploiting them.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...