The highest risk issue is scored with a CVSS of 9 because it’s remotely exploitable without authentication. This vulnerability in the XML Parser in Oracle’s Database Server is part of a mixed bag of other vulnerabilities ranging from mild to serious.
Oracle Fusion Middleware is seeing a lot of attention this quarter with 21 fixes, but nothing super critical. The highest CVSS score is 7.5.
Solaris is hit with two remote DoS attacks, plus a couple of local elevation of privilege issues.
With such a diverse range of products in this quarter’s patch, it’s hard to tackle these from top to bottom with recommendations. I recommend patching any vulnerable Oracle Database Server instances ASAP and don’t neglect the stability or integrity of the Solaris deployment.
Ross Barrett, senior manager of security engineering at Rapid7.