Overall, 16 of the 17 Java flaws Oracle has patched are remotely exploitable without needing user logins, while five of the 27 MySQL flaws are remotely exploitable.