Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed

Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. The January update fixes a total of 334 vulnerabilities.

The Java SE 13.0.2, 11.0.6 and 8u241 releases fix 12 security issues. All vulnerabilities can be exploited remotely without authentication. The highest severity level is 8.1, which is assigned to a serialization issue (CVE-2020-2604) that allows Java SE applications to be compromised by passing specially crafted serialized data. Three vulnerabilities have a severity level of 7.5. These issues are present in JavaFX and are caused by vulnerabilities in SQLite and libxslt.

In addition to issues in Java SE, vulnerabilities have been made public in other Oracle products, including:

  • 12 vulnerabilities in MySQL server and 3 vulnerabilities in the MySQL client implementation (C API). The highest severity level of 6.5 is assigned to three problems in the MySQL parser and optimizer. The issues are fixed in the MySQL Community Server 8.0.19, 5.7.29 and 5.6.47 releases.

  • 18 vulnerabilities in VirtualBox, of which 6 have a high degree of danger (CVSS Score 8.2 and 7.5). The vulnerabilities will be fixed in the VirtualBox 6.1.2, 6.0.16 and 5.2.36 updates, which are expected today.
  • 10 vulnerabilities in Solaris. The maximum severity level of 8.8 is assigned to a locally exploitable issue in the Common Desktop Environment. Among the problems with a severity level above 7, local vulnerabilities in Consolidation Infrastructure and the file system can also be noted. The issues are fixed in yesterday's update, Solaris 11.4 SRU 17.

Source: opennet.ru
