KLA11340
Multiple vulnerabilities in Oracle Java SE

Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in Scripting component can be exploited remotely to execute arbitrary code;
2. An unspecified vulnerability in JavaFX component can be exploited remotely to execute arbitrary code;
3. An unspecified vulnerability in Hotspot component can be exploited remotely to execute arbitrary code;
4. An unspecified vulnerability in JNDI component can be exploited locally to execute arbitrary code;
5. An unspecified vulnerability in Serviceability component can be exploited remotely to obtain sensitive information;
6. An unspecified vulnerability in JSSE component can be exploited remotely to obtain sensitive information;
7. An unspecified vulnerability in Sound component can be exploited remotely to cause denial of service;
8. An unspecified vulnerability in Sound component can be exploited remotely to obtain sensitive information;
9. An unspecified vulnerability in Utility component can be exploited remotely to bypass security restrictions;
10. An unspecified vulnerability in libpng can be exploited remotely to cause denial of service;
11. An unspecified vulnerability in Security component can be exploited remotely to bypass security restrictions;
12. An unspecified vulnerability in Networking component can be exploited remotely to bypass security restrictions;

Java SE 6u201 and earlier
Java SE 7u191 and earlier
Java SE 8u182 and earlier
Java SE 11 and earlier
Java SE Embedded 8u181 and earlier
JRockit R28.3.19 and earlier

Update to the latest version
Oracle software downloads

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA