Oracle plans to release 51 security fixes across hundreds of its products next week as part of its quarterly Critical Patch Update (CPU).
Oracle said the CPU contains 27 fixes for the Oracle Database, five of which may be exploited remotely without the need for a username and password. The fixes address flaws in the core relational database management system, SQL execution, Oracle Database Vault, and advanced queuing.
Oracle added that 11 security fixes plug holes in the Oracle Application Server, seven of which may be remotely exploitable without the need for a username and password. The fixes repair flaws in Oracle HTTP Server, Oracle Portal, Oracle Single Sign-On and Oracle Containers for J2EE.