• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Researchers expose MalTerminal, an LLM-enabled malware pioneer

 | 

Beware: GitHub repos distributing Atomic Infostealer on macOS

 | 

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

 | 

Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • Oracle critical patch advisory addresses 284 flaws, 33 critical

Oracle critical patch advisory addresses 284 flaws, 33 critical

Pierluigi Paganini January 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”.

Let’s give a close look at some of the vulnerabilities fixed by this patch advisory.

The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload,  disclosed in November last year. The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable.

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components.

A vulnerability in the Apache Log4j tracked as CVE-2017-5645 impacted the Oracle’s Converged Application Server – Service Controller, the OCA Online Mediation Controller Service Broker, the WebRTC Session Controller, the FLEXCUBE component in Oracle Financial Services Applications, the Fusion’s GoldenGate app adapters and SOA Suite, and also a Sun tape library component.

The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management.

The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability in the OCA’s Communications Policy Management Component, this issue was exploited in 2018 by threat actors to mine cryptocurrency.

Oracle also addressed an arbitrary file upload flaw (CVE-2018-9206) in the OCA’s Services Gatekeeper that also impacted Primavera P6 in the Construction and Engineering Suite, and Siebel CRM.

Another bug fixed by Big Red affected the Oracle E-Business’ Performance Management component, it was in CVE-2019-2453:

“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Performance Management.” reads the description provided by

“Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Performance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Performance Management accessible data. “

Oracle addressed the CVE-2016-4000 flaw, Jython provided a vector for arbitrary code, it is used by Oracle Enterprise Manager platform, Banking Platform, and Utilities Network Management System.

The list is very long, it also includes patches for a DoS in the Derby
Apache tool used in the WebLogic server (CVE-2015-1832) and an RCE bug in the Spring framework used by Oracle Tuxedo and the Sun Tape Library ACSLS component.

People interested in the full list could visit the following address:

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, critical patch advisory)

[adrotate banner=”5″]

[adrotate banner="13"]


facebook linkedin twitter

Oracle Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini September 22, 2025
Stellantis probes data breach linked to third-party provider
Read more
Pierluigi Paganini September 22, 2025
FBI alerts public to spoofed IC3 site used in fraud schemes
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Stellantis probes data breach linked to third-party provider

    Data Breach / September 22, 2025

    FBI alerts public to spoofed IC3 site used in fraud schemes

    Cyber Crime / September 22, 2025

    EU agency ENISA says ransomware attack behind airport disruptions

    Security / September 22, 2025

    Researchers expose MalTerminal, an LLM-enabled malware pioneer

    Malware / September 22, 2025

    Beware: GitHub repos distributing Atomic Infostealer on macOS

    Malware / September 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT