A total of 308 vulnerabilities were patched in the Oracle product families during the JULY 2017 updates, with 168 deemed as highly critical to patch right away due to remote exploit potential

http://www.csoonline.com/article/3209969/vulnerabilities/oracle-s-monster-update-emphasizes-flaws-in-critical-business-applications.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Then there is Oracle’s gargantuan Critical Patch Update (CPU), which fixed a whopping 308 vulnerabilities across its entire product portfolio. Over half, or 168, of the fixes address vulnerabilities that could be remotely exploited without needing any kind of user authentication.  Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business Suite.