CPU patch files on Oracle server generate CVE in vulnerability scans

Data Loss Prevention Oracle Standard Edition 2 

CPU patch files were located in all update/installation folders 

Update folders should be ignored as they are just part of installing and uninstalling the patches that they have installed as such should be considered the same as a backup folder that is not executed. Only the active files used by the instance should be considered.

Check Oracle's public page on CVEs https://www.oracle.com/security-alerts/ 

If there is a question regarding a specific vulnerability that has not already been addressed by Oracle, please contact Symantec support.