Oracle has released its Critical Patch Update for October 2018 that addresses 301 vulnerabilities across multiple product families.
Of the 301 vulnerabilities, nearly 50 have a CVSS score of 9.0 or higher (10.0 being the highest).
The Critical Patch Update contains 65 new security fixes for Oracle Fusion Middleware.
“56 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle said.
In addition, new security fixes were made available for Oracle Database Server (7), Oracle Java SE (12), Oracle MySQL (38) and Oracle PeopleSoft Products (24), to name just a few of the product families.
Two of the Oracle Database vulnerabilities can be remotely exploitable without authentication. One of those fixes is for Java VM (CVE-2018-3259).
One of the fixed vulnerabilities (CVE-2018-2913) impacts Oracle GoldenGate Monitoring Manager and is rated 10.0.
See the full Oracle security update here.