Oracle fixed 136 vulnerabilities across 46 different products this week as part of its quarterly Critical Patch Update. More than half of the CVEs, 72, could be remotely exploitable without authentication. Seven of the vulnerabilities are rated 10.0 in criticality according to an older vulnerability system Oracle used, CVSS v2.0. Oracle switched to the most recent version of the Common Vulnerability Scoring System (CVSS v3.0) with April s CPU. Oracle is encouraging users, if they haven t done so already, to apply fixes from when it released an emergency alert for Java SE last month.
Source: https://threatpost.com/oracle-fixes-136-vulnerabilities-with-april-critical-patch-update/117548/