Thursday, June 13, 2024

Oracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

Oracle has released a list of security patches for more than 130+ products. These products were used in several industries, including banking, communication, enterprise, development, and others. 

Oracle has released the severity rating and categorized them as critical, high, medium, and low based on their CVSS 3.1 score. Over 508 new security patches and CVE IDs were released, of which 76 of them had Critical severity.

Patches and Products

The latest update for Oracle Financial Services Applications included approximately 147 patches, with 115 of them being susceptible to remote exploitation through network access.

This update addressed over 18 high-risk vulnerabilities that were deemed critical.

Oracle Communications recently received 77 security patches, with 57 of them being remotely exploitable.

Among these patches, there were over 10 critical severity vulnerabilities and 41 high severity vulnerabilities that have been successfully patched.

Recently, Oracle Fusion Middleware was patched with 60 security updates, 40 of which were identified as remotely exploitable. Among these updates, 9 were considered critical and 24 were deemed of high severity.

There are a total of 40 security patches for Oracle Communications Applications, out of which 30 can be exploited remotely. Analytics has 32 security patches, with 23 vulnerabilities that can also be exploited remotely.

MySQL has 21 security patches, with 11 of them remotely exploitable. Furthermore, a dozen products and third-party patches were released by Oracle. These products were related to JavaSE, Retail applications, Construction engineering, E-Business Suite, PeopleSoft, Siebel, etc.

In addition to these, several lists of CVE IDs with High, medium, and low severities were released by Oracle as part of its July 2023 patch.

For detailed information on the affected products, CVE IDs, fixed versions, and CVSS base score, please follow the Oracle security advisory.

Users of these products are recommended to upgrade to the latest version to prevent threat actors from exploiting them.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

Ivanti EPM SQL Injection Flaw Let Attackers Execute Remote Code

In May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which...

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles