A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said.

Four fixes are for Oracle's database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for login credentials, according to Thursday's notice.

Oracle is also set to release 22 patches for its Fusion Middleware family, eight of which can be remotely exploited without a username or password, Oracle said.

The company uses the CVSS (Common Vulnerability Scoring System) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale.

Another 25 fixes cover weaknesses in Oracle's Sun product family, including the GlassFish application server and Solaris OS.