Security firm Red Database Security has decided to publish in detail six vulnerabilities that Oracle has not fixed in over 650 days. The flaws range in severity, with three classified as high risk with the potential to compromise a server or overwrite files.
According to Alexander Kornbrust, CEO and principal researcher with the consultancy, Oracle’s lack of response to critical security bugs is unacceptable. “Oracle put their customers in danger,” says Kornblust. “At least one critical vulnerability can be abused (by) any attacker via the Internet.” read article.