Thursday, February 22, 2024

Oracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

Oracle has released a list of security patches for more than 130+ products. These products were used in several industries, including banking, communication, enterprise, development, and others. 

Oracle has released the severity rating and categorized them as critical, high, medium, and low based on their CVSS 3.1 score. Over 508 new security patches and CVE IDs were released, of which 76 of them had Critical severity.

Patches and Products

The latest update for Oracle Financial Services Applications included approximately 147 patches, with 115 of them being susceptible to remote exploitation through network access.

This update addressed over 18 high-risk vulnerabilities that were deemed critical.

Oracle Communications recently received 77 security patches, with 57 of them being remotely exploitable.

Among these patches, there were over 10 critical severity vulnerabilities and 41 high severity vulnerabilities that have been successfully patched.

Recently, Oracle Fusion Middleware was patched with 60 security updates, 40 of which were identified as remotely exploitable. Among these updates, 9 were considered critical and 24 were deemed of high severity.

There are a total of 40 security patches for Oracle Communications Applications, out of which 30 can be exploited remotely. Analytics has 32 security patches, with 23 vulnerabilities that can also be exploited remotely.

MySQL has 21 security patches, with 11 of them remotely exploitable. Furthermore, a dozen products and third-party patches were released by Oracle. These products were related to JavaSE, Retail applications, Construction engineering, E-Business Suite, PeopleSoft, Siebel, etc.

In addition to these, several lists of CVE IDs with High, medium, and low severities were released by Oracle as part of its July 2023 patch.

For detailed information on the affected products, CVE IDs, fixed versions, and CVSS base score, please follow the Oracle security advisory.

Users of these products are recommended to upgrade to the latest version to prevent threat actors from exploiting them.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

Beware of New AsukaStealer Steal Browser Passwords & Desktop Screens

An updated version of the ObserverStealer known as AsukaStealer was observed to be advertised as...

US to Pay $15M for Info About Lockbit Ransomware Operator Data

In a significant move against cybercrime, the U.S. government has announced a bounty of...

Earth Preta Hackers Abuses Google Drive to Deploy DOPLUGS Malware

Threat actors abuse Google Drive for several malicious activities due to its widespread use,...

Swiggy Account Hacked, Hackers Placed Orders Worth Rs 97,000

In a startling incident underscoring the growing menace of cybercrime, a woman's Swiggy account...

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles