Oracle included 104 security fixes in its Critical Patch Update (CPU) for April.
The list of affected products includes Database, Fusion Middleware, Access Manager, Containers for J2EE, Data Integrator, Endeca Server, Event Processing, OpenSSO, WebCenter Portal, WebLogic Server, Hyperion Common Admin, E-Business Suite, Agile PLM Framework, Transportation Management, PeopleSoft Enterprise, Java SE, MySQL Server and others.
While it will not come as a surprise to anyone, quite a few of the vulnerabilities affect Java SE. Of the 37 Java SE security holes, 35 can be exploited remotely by an attacker without authentication credentials.
The patches for many of the products are cumulative, which means they include all the fixes from previous CPUs as well.
The vulnerabilities fixed with the April 2014 CPU were reported by Andrea Micalizzi (rgod); Borked of the Google Security Team; Christopher Meyer of Ruhr-University Bochum; Ilja van Sprundel of ioactive.com; Jörg Delker; the Red Hat Security Response Team; Timo Warns; and Yuki Chen of Trend Micro, among others.
Oracle advises customers to update their installations as soon as possible. The next update will be July 15.