Today, Oracle released their April 2017 Critical Patch Update, or CPU, that resolves a record breaking 299 vulnerabilities across all of their products. According to a report by ERPScan, this is the largest CPU released by Oracle.
Of these 299 vulnerabilities, over 100 are remotely exploitable without authentication. This means that it is possible to remotely exploit the vulnerability through malicious web sites or via a remote attack depending on the particular software. Once an attack successfully exploits a vulnerability, the attacker may be able to execute commands on the affected computer without the victim's knowledge or permission.
The three products with the most security updates are Oracle Financial Services Applications with 47 vulnerabilities and Oracle Retail Applications and Oracle MySQL, which are tied at 39 fixes. Java, which is notorious for being used by exploit kits to install malware on vulnerable systems had 8 new security fixes, with 7 of them being remotely exploitable.