Oracle released 45 security patches on Tuesday as part of its latest quarterly patch update, one less than expected.

The updates cover various flaws in products including Oracle Database, Application Server, and E-Business Suite, among others. Some of the patches cover flaws in multiple products.

Nineteen of the security updates include fixes for versions of Oracle's database, two of which might be remotely exploited without requiring login credentials.

Six of the 14 flaws in Oracle's E-Business Suite might also be remotely exploited by hackers. Three of four bugs in Oracle's Application Server carry the same risk. More details can be found in Oracle's quarterly advisory here.

Last year Oracle began rating the severity of bugs in its applications according to the Common Vulnerability Scoring System (CVSS), an industry-wide initiative to standardise vulnerability ratings. Oracle rates the worst of this quarter's patch batch (two bugs affecting Oracle PeopleSoft Enterprise) at 4.8.

Due to the threat posed by attacks based on the flaws, Oracle strongly recommends that fixes are applied as soon as possible. ®

Related stories

• Oracle preps summer patch cluster (11 July 2008)
• Databases still open to basic attack (15 November 2007)
• Oracle readies mega-update patching 51 security holes (13 October 2007)
• Word vuln stars in Patch Tuesday litter (10 October 2007)
• Security conferences versus practical knowledge (19 July 2007)
• Oracle preps July patch blitz (13 July 2007)
• Oracle 11g’s new toys (13 July 2007)
• Oracle blocks 51 security holes (17 January 2007)
• Oracle's mega-patch shuts 101 doors (18 October 2006)
• Oracle to provide clearer vulnerability ratings (13 October 2006)
• Oracle in war of words with security researcher (26 January 2006)