{"id":8677,"date":"2021-05-04T06:30:11","date_gmt":"2021-05-04T13:30:11","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8677"},"modified":"2023-03-07T15:21:44","modified_gmt":"2023-03-07T22:21:44","slug":"april-oracle-patches-390-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/april-oracle-patches-390-security-vulnerabilities\/","title":{"rendered":"April: Oracle Patches 390 Security Vulnerabilities"},"content":{"rendered":"
Oracle released patches for 390 security vulnerabilities in April 2021. We analyzed these weaknesses and spotlighted important vulnerabilities that should be patched as a priority.<\/p>\n
<\/p>\n
In April, Oracle patched 390 vulnerabilities including 29 known exploits \u2013<\/p>\n
RCE\/PE:<\/strong>\u00a0 Oracle has fixed \u2013<\/p>\n 1 CVE that has RCE capabilities<\/p>\n<\/li>\n 1 CVE with Privilege Escalation capabilities<\/p>\n<\/li>\n 12 CVEs with Cross-Site Scripting vulnerabilities<\/p>\n<\/li>\n 4 CVEs with Prototype pollution.<\/p>\n<\/li>\n<\/ul>\n Old Vulnerabilities:\u00a0<\/strong>Oracle issued patches for 201 old vulnerabilities dating from 2016 to 2020. These security updates include the Zerologon vulnerability (CVE-2020-1472), which was one of the actively exploited Privilege Escalation vulnerabilities associated with the Cryptomix ransomware strain.<\/p>\n Four old vulnerabilities have been red-flagged by CISA (CVE-2019-0228, CVE-2020-5421, CVE-2020-8203, CVE-2020-5421), so patching them is essential. Among the 201 CVEs, 19 are rated critical and 108 are of high severity.<\/p>\n CISA Alerts:\u00a0<\/strong>Eight CVEs have featured in CISA Alerts (CVE-2021-2207, CVE-2019-0228, CVE-2020-5421, CVE-2020-8203, CVE-2021-2200, CVE-2021-2183, CVE-2021-2206, CVE-2021-2259).<\/p>\n Two CVEs are rated critical, and two CVEs are of high severity, with one weaponized vulnerability (CVE-2020-8203) among them.<\/p>\n\n