Oracle explains their use of CVSS scoring on this page. Scores range from 0.1 to 10.0, with 10.0 being as bad as it gets. CVSS is the Common Vulnerability Scoring System, maintained by the Department of Homeland Security National Cyber Security Division and NIST (the National Institite of Standards and Technology). On Tuesday we will likely have that number when the actual CVE numbers are released.Ĥ7 of the fixes are for vulnerabilities which can be exploited remotely without authentication, a measure of extreme severity and an indicator that the fix should be applied as soon as possible, as Oracle advises.ģ6 of the fixes will be for Java 7 SE products, 34 of them exploitable remotely without authentication.įor each product family, Oracle provides the highest CVSS Base Score of vulnerabilities affecting the products being updated.
There are a total of 147 vulnerability fixes some of the vulnerabilities affect multiple products, so the total number of vulnerabilities addressed is less than 147, but not specified.
This group of updates affects 47 products. As is their custom, Oracle will be releasing their January 2014 quarterly patches on Patch Tuesday, the same day as Microsoft.
