Oracle plans to fix 40 vulnerabilities in a number of different components of Java SE. Nearly all of the vulnerabilities are remotely exploitable. The company said that it will post patches for flaws in several different versions of Java JDK and JRE. There are fixes for Java FX 2.2.21 and JDK 7 update 21 and earlier; JRE 6 update 45 and earlier, JRE 5 update 45. Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible, saying 37 of the flaws are exploitable without authentication.
Source: https://threatpost.com/oracle-to-patch-40-java-bugs/100998/