There are lots of vulnerabilities DBAs must act upon ASAP, although it "only" addresses 38 vulnerabilities...

• 16 fixes address flaws in the Oracle database (six can be exploited remotely without user interaction)
• 3 fixes address flaws in the Oracle Application Server (two can be exploited remotely without user interaction)
• 8 fixes address flaws in the Oracle Applications Suite (five can be exploited remotely without user interaction)

More (advance) information in the pre-release announcement : http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html