The holes in current and previous versions of the company’s database software could allow intruders to gain control of databases without needing a password or user authentication.
The flaws were identified by UK security firm Next Generation Security Software.
‘If they can get access they can own it and the data on it,’ said the firm’s managing director David Litchfield, speaking to the Wall Street Journal.
Litchfield said he has found as many as 34 flaws.
Oracle says it is working on patches to fix the flaws but has not released any time scales.