Highlights of Patch Watch Issue 5
- Oracle rolls out 402 security updates including 82 critical bugs.
- Adobe, Dell, Check Point, Palo Alto, FortiGuard, NetApp, RedHat, Siemens, VMware, HP and Oracle have published patches for 664 vulnerabilities (22 of which were previously weaponized).
- CISA has issued alerts for 10 CVEs.
- 199 old vulnerabilities have been fixed.
- 272 vulnerabilities are remotely exploitable flaws with no authentication.
- 82 vulnerabilities have critical severity, of which two CVEs have a CVSS V3 score of 10.
- 65 CVEs have CVSS V3 score between 9.4 and 9.8.
- In the quarterly patch bundle, Oracle has released two advisories: the traditional advisory, and a new one detailing patches for security gaps in third-party components that are not exploitable as implemented in Oracle products.
- 7 hotfixes, 417 patches and 240 updates this week.
- 641 vulnerabilities are yet to be weaponized.
- 22 vulnerabilities have known exploits and are weaponized.
- Exploited vulnerabilities are associated with Remote Code Evaluation (RCE), WEB APP exploits, DoS/RCE, Privilege Execution, Denial of Service, and LOCAL Exploits.
- Furthermore, there are 199 old vulnerabilities dating from 2015 to 2019; 43 of these CVEs are rated critical and 31 high.
Table 1: Old Vulnerabilities
- CISA has published alerts and security advisories for 10 CVEs containing the full technical details and mitigations.
Table 2: CISA Alerts
- The following CVEs have received security patches and updates for the second time in the same month. Learn more about the previous updates:
Patch Watch Issue 3 CVEs
Patch Watch Issue 4 CVEs
Fixing weaponized vulnerabilities is essential, as these vulnerabilities have many known exploits and can be exploited easily.
Table 3: Weaponized Vulnerabilities
Based on a security survey, 11,121 vulnerabilities have been disclosed in the first half of this year, of which Microsoft and Oracle account for 818.
Table 4: Vulnerabilities Yet to Be Weaponized
Threat actors this year have consistently gone after old vulnerabilities to deliver ransomware and malware infections, which makes timely patching essential to cyber hygiene.