Oracle have announced 154 new security vulnerabilities in its latest critical patch update — but says the most serious have not been successfully exploited “in the wild.”
The most severe vulnerability received a Common Vulnerability Scoring System Base Score of 10.0, the highest possible. Oracle’s software security assurance director Eric P. Maurice said the score denoted “a vulnerability that is remotely exploitable without authentication, which, if successfully exploited, can result in a full compromise of the targeted system.”
Among the seven other patches for the Oracle database, a further three critical vulnerabilities received a CVSS score of 9.
Also scoring a CVSS Base Score of 10 are vulnerabilities for Oracle Sun Systems Products Suite, Oracle Communications Applications, and Oracle Java SE.