Updates for Java SE, MySQL, VirtualBox and other Oracle products with vulnerabilities fixed

Oracle has published a scheduled release of updates to its products (Critical Patch Update), aimed at eliminating critical problems and vulnerabilities. In total, the January update fixes 397 vulnerabilities.

The Java SE 14.0.1, 11.0.7 and 8u251 releases fix 15 security issues. All of these vulnerabilities can be exploited remotely without authentication. The highest severity level is 8.3, which is assigned to problems in libraries (CVE-2020-2803, CVE-2020-2805). Two vulnerabilities (in libxslt and JSSE) are rated 8.1 and 7.5.

In addition to issues in Java SE, vulnerabilities have been made public in other Oracle products, including:

  • 35 vulnerabilities in MySQL server and 2 vulnerabilities in the MySQL client implementation (C API). The highest severity level, 9.8, is assigned to the CVE-2019-5482 vulnerability, which manifests itself in builds compiled with cURL support. The issues are fixed in the MySQL Community Server 8.0.20, 5.7.30 and 5.6.49 releases.
  • 19 vulnerabilities in VirtualBox, of which 7 have a critical severity level (CVSS greater than 8). The fixes include the vulnerabilities used in attacks demonstrated at the Pwn2Own 2020 competition, which allow manipulations on the guest system side to gain access to the host system and execute code with hypervisor rights. The vulnerabilities are fixed in the VirtualBox 6.1.6, 6.0.20 and 5.2.40 updates.
  • 6 vulnerabilities in Solaris. The highest severity level is 8.8, for a locally exploitable problem in the Common Desktop Environment that allows an unprivileged user to have code run as root. Issues have also been fixed in the SMB kernel module, in whodo, and in the SMF svcbundle command. The issues are fixed in yesterday's Solaris 11.4 SRU 20 update.
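One way to check an inventory against the fixed releases listed above, written as an added example that is not part of the original article. The function names, status labels and sample version strings are assumptions made for illustration; only the fixed version numbers come from the text.

```python
import re

# Fixed releases named in the article, keyed by product and release branch.
FIXED = {
    "java": {(14,): (14, 0, 1), (11,): (11, 0, 7), (8,): (8, 0, 251)},
    "mysql": {(8, 0): (8, 0, 20), (5, 7): (5, 7, 30), (5, 6): (5, 6, 49)},
    "virtualbox": {(6, 1): (6, 1, 6), (6, 0): (6, 0, 20), (5, 2): (5, 2, 40)},
}

def parse_version(product, text):
    """Turn a reported version string into a tuple of integers."""
    text = text.strip()
    if product == "java":
        # Legacy Java 8 forms: "8u251" and "1.8.0_242" both mean 8.0.<update>.
        m = re.fullmatch(r"(?:1\.)?(\d+)(?:\.0)?[u_](\d+)(?:-.*)?", text)
        if m:
            return (int(m.group(1)), 0, int(m.group(2)))
    # Leading dotted number; build suffixes such as "-log" or "r137129" are ignored.
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def check(product, installed):
    """Return 'patched', 'needs-update' or 'unlisted-branch' for one install."""
    version = parse_version(product, installed)
    for branch, fixed in FIXED[product].items():
        if version[:len(branch)] == branch:
            # Compare only within the same branch: 5.7.30 is patched even
            # though it is numerically lower than 8.0.20.
            return "patched" if version >= fixed else "needs-update"
    # The article names no fixed release for this branch.
    return "unlisted-branch"

if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    inventory = [
        ("java", "1.8.0_242"),
        ("java", "11.0.7"),
        ("mysql", "8.0.19-0ubuntu5"),
        ("mysql", "5.7.30-log"),
        ("virtualbox", "6.1.6r137129"),
        ("virtualbox", "5.1.38"),
    ]
    for product, installed in inventory:
        print(f"{product:<11} {installed:<18} {check(product, installed)}")
```

The comparison is by version number only, so distribution packages that backport fixes without changing the upstream version may be reported as needing an update.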

Source: opennet.ru
