Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.

Oracle on Tuesday announced 334 new security patches as part of its October 2024 Critical Patch Update (CPU), including 186 fixes for vulnerabilities that can be exploited remotely without authentication.

SecurityWeek has identified roughly 220 unique CVEs in Oracle’s October 2024 CPU. Approximately three dozen security patches resolve critical-severity flaws.

The same as in April and July 2024, Oracle Communications received the largest number of security patches. Out of 100 fixes, 81 address unauthenticated, remotely exploitable bugs.

On Tuesday, Oracle also announced large numbers of patches for MySQL (45 fixes – 12 for issues that can be exploited remotely without authentication), Fusion Middleware (32 – 25), Financial Services Applications (20 – 15), and E-Business Suite (18 – 1).

Several other products received roughly a dozen new security patches each, including Communications Applications (13 fixes – 10 for unauthenticated, remotely exploitable flaws), Analytics (12 – 7), and PeopleSoft (12 – 2).

At least half a dozen fixes were announced for Oracle Commerce, Java SE, Blockchain Platform, Enterprise Manager, Systems, and Database Server.

Oracle released a small number of patches for Application Express, Essbase, GoldenGate, NoSQL Database, Food and Beverage Applications, Hospitality Applications, Hyperion, Retail Applications, Secure Backup, SQL Developer, Siebel CRM, Supply Chain, Utilities Applications, and Virtualization.

In its advisory, Oracle revealed that the patches for multiple vulnerabilities also resolve additional CVEs, and that fixes for non-exploitable CVEs in its products were also rolled out. Patches for third-party components were also released.

Advertisement. Scroll to continue reading.

For some products, no new security patches for exploitable vulnerabilities were released, but fixes were rolled out for non-exploitable CVEs.

Oracle customers should apply the security patches as soon as possible, as threat actors are known to have exploited flaws in Oracle products for which mitigations had been released.

According to the tech giant, it continues to receive reports of customers falling victim to cyberattacks because patches for Oracle products were not deployed in a timely manner.

On Tuesday, the company also announced 5 new security patches for Oracle Solaris, 383 new security patches for Oracle Linux, 13 new security patches for Oracle VM Server for x86.

Related: Palo Alto Networks Patches Dozens of Vulnerabilities

Related: Top Cryptographers Flag ‘Devastating’ Flaws in MEGA Cloud Storage

Related: Oracle Says it Will Move HQ From Silicon Valley to Texas

Related: Researchers Resurrect Decade-Old Oracle Solaris Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.