Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed

Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The July update fixes a total of 319 vulnerabilities.

The Java SE 12.0.2, 11.0.4 and 8u221 releases fix 10 security issues. 9 vulnerabilities can be exploited remotely without authentication. The highest assigned severity level is 6.8 (vulnerability in libpng). No high or critical issues that allow an unauthenticated user to compromise Java SE applications over the network have been identified.

In addition to the issues in Java SE, vulnerabilities have been disclosed in other Oracle products, including:

  • 43 vulnerabilities in MySQL (maximum severity level 9.8, indicating a critical problem). The most dangerous problem (CVE-2019-3822) is a buffer overflow in the NTLM header parsing code in the libcurl library, which an unauthenticated user can use to attack the MySQL server remotely. Almost all other problems are exploitable only with authenticated access to the DBMS. The only exception is the vulnerability in Shell: Admin / InnoDB Cluster, which is assigned a severity level of 7.5. The issues will be fixed in the MySQL Community Server 8.0.17, 5.7.27 and 5.6.45 releases.

  • 14 vulnerabilities in VirtualBox, of which 3 have a high degree of danger (CVSS Score 8.2 and 8.8). The vulnerabilities are fixed in the VirtualBox 6.0.10 and 5.2.32 updates (the release notes do not mention that security problems were fixed). Details are not reported, but, judging by the CVSS level, the fixed vulnerabilities allow code to be executed on the host side from the guest system environment.
  • 10 vulnerabilities in Solaris (maximum severity 9.1: an IPv6-related kernel vulnerability, CVE-2019-5597, that could allow a remote attack; no details provided). Two vulnerabilities also have a critical severity level of 8.8: locally exploited problems in the Common Desktop Environment and in the client utilities for LDAP. Among the problems with a severity level above 7, there are also remotely exploited vulnerabilities in the ICMPv6 and NFS handlers in the Solaris kernel, and local problems in the file system and Gnuplot.

Source: opennet.ru
