Oracle announced the release of 387 new security fixes as part of the October 2023 CPU on Tuesday, to address vulnerabilities in its own code and third-party components. According to Oracle’s advice, more than 40 security fixes address critical-severity weaknesses, and more than 200 fix bugs that can be abused remotely without authentication.
Oracle’s October 2023 CPU contains 185 unique CVEs, many of which affect numerous products, according to SecurityWeek. Not all are new CVEs, and many are not exploitable in the Oracle products affected. Financial Services Applications is the Oracle product that has gotten the most security patches, with 103 fixes. 49 of these address vulnerabilities that can be exploited remotely without authentication.