Oracle reports:
This Critical Patch Update contains 25 new security fixes
for Oracle Java SE. 24 of these vulnerabilities may be remotely
exploitable without authentication, i.e., may be exploited over a
network without the need for a username and password.