Oracle released its quarterly patch updates last week, fixing a whopping 113 vulnerabilities. As is typical with Oracle, the fixes span the entire range of Oracle products, with the only critical vulnerabilities, eight of them, in Java Workstations (aka client deployments of Java).
Oracle Java has 20 vulnerabilities, of which eight are rated critical, most of them affecting the latest version of Java, 8u5. All of the workstation vulnerabilities may be remotely exploitable without authentication.
There were three medium-severity Java vulnerabilities and a whole bundle of fixes for servers and business application software. Although none are rated critical, these vulnerabilities can lead to information disclosure, data corruption or denial-of-service to the vulnerable applications.
So, what do we have?
- 3 Java vulnerabilities that also impact server deployments of Java
- 5 vulnerabilities on Oracle Database
- 10 vulnerabilities on MySQL Database
- 29 vulnerabilities on various Fusion Middleware products, including Oracle HTTP Server, WebLogic Server and GlassFish Server
- 15 vulnerabilities on Oracle Virtualization solutions
- 7 vulnerabilities on Hyperion and its various components
- 4 vulnerabilities on Solaris OS
- 5 vulnerabilities on the E-Business Suite
- 3 vulnerabilities on Oracle Supply Chain Products Suite
- 5 vulnerabilities on PeopleSoft Enterprise products
- 6 vulnerabilities on Siebel CRM
- 1 vulnerability on Oracle Communications Applications
- vulnerability on Oracle Retail Applications
Now that Microsoft and Oracle have both released fixes, let’s take a fresh look at all 2014 critical vulnerabilities that were published so far. Of the 336 vulnerabilities, 97 percent have a fix; 11 critical vulnerabilities are still waiting for a fix (see table below).
Noticeably absent from this list are any of the top ten most vulnerable vendors mentioned in our blog post last week. The good news is that these vendors are diligent about fixing their vulnerabilities.
Critical Vulnerabilities with no fix per
|43749||Free Download Manager open-source|