Oracle announced late Monday that it will release 37 security fixes as part of its quarterly critical patch update scheduled for Tuesday.

Thirteen of the patches address vulnerabilities in the widely deployed Oracle Database, with the highest severity rating a seven out of 10, according to a company announcement. Three of the vulnerabilities may be remotely exploitable without user authentication, making them particularly serious.

Additionally, Oracle is releasing two patches for Enterprise Manager and one each for WorkFlow Cartridge, Secure Enterprise Search and the Ultra Search component that is bundled with Oracle Database.

Another five fixes are slated for the Oracle Application Server, but the most serious of those vulnerabilities carries just a 4.2 out of 10 rating, according to Oracle, although attackers can remotely exploit two of the bugs.

The company plans an additional 11 fixes for the E-Business Suite, with two of the flaws being remotely exploitable. The most critical rating for those is also 4.2. Two patches also are slated for the Enterprise Manager and PeopleSoft Enterprise Tools.

Meanwhile, one patch each is planned for PeopleSoft Enterprise Human Capital Management and the JD Edwards EnterpriseOne and OneWorld tools.

The 37 fixes nearly match the number delivered in last April’s quarterly release, when the database giant offered 36 patches. It pales in comparison to the 101-fix release in October.

Click here to email reporter Dan Kaplan.


Looking for a new job? has the latest IT security job opportunities. Click here for our jobs page.