Oracle on Tuesday announced 334 new security patches as part of its October 2024 Critical Patch Update (CPU), including 186 fixes for vulnerabilities that can be exploited remotely without authentication.
SecurityWeek has identified roughly 220 unique CVEs in Oracle’s October 2024 CPU. Approximately three dozen security patches resolve critical-severity flaws.
As in April and July 2024, Oracle Communications received the largest number of security patches. Out of 100 fixes, 81 address unauthenticated, remotely exploitable bugs.
On Tuesday, Oracle also announced large numbers of patches for MySQL (45 fixes – 12 for issues that can be exploited remotely without authentication), Fusion Middleware (32 – 25), Financial Services Applications (20 – 15), and E-Business Suite (18 – 1).
Several other products received roughly a dozen new security patches each, including Communications Applications (13 fixes – 10 for unauthenticated, remotely exploitable flaws), Analytics (12 – 7), and PeopleSoft (12 – 2).
At least half a dozen fixes were announced for Oracle Commerce, Java SE, Blockchain Platform, Enterprise Manager, Systems, and Database Server.
Oracle released a small number of patches for Application Express, Essbase, GoldenGate, NoSQL Database, Food and Beverage Applications, Hospitality Applications, Hyperion, Retail Applications, Secure Backup, SQL Developer, Siebel CRM, Supply Chain, Utilities Applications, and Virtualization.
In its advisory, Oracle revealed that the patches for multiple vulnerabilities also resolve additional CVEs, and that fixes for non-exploitable CVEs in its products were also rolled out. Patches for third-party components were also released.
For some products, no new security patches for exploitable vulnerabilities were released, but fixes were rolled out for non-exploitable CVEs.
Oracle customers should apply the security patches as soon as possible, as threat actors are known to have exploited flaws in Oracle products for which mitigations had been released.
According to the tech giant, it continues to receive reports of customers falling victim to cyberattacks because patches for Oracle products were not deployed in a timely manner.
On Tuesday, the company also announced 5 new security patches for Oracle Solaris, 383 new security patches for Oracle Linux, and 13 new security patches for Oracle VM Server for x86.