Oracle’s quarterly Critical Patch Update (CPU) includes 98 fixes for vulnerabilities in Oracle products, including 14 that address Java SE issues.
Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products.
Eleven of the Java SE fixes are for client-only vulnerabilities, which can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets. Two of the issues apply to Java Secure Socket Extension (JSSE) client and Server deployments, and one applies to Java client and Server deployments.