Kaspersky Threats

Detect date

?

10/15/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities:

A vulnerability in Kerberos component can be exploited to bypass security restrictions;
A vulnerability in Networking component can be exploited to bypass security restrictions;
A vulnerability in Libraries component can be exploited to bypass security restrictions;
A vulnerability in JavaFX(libxslt) component can be exploited to bypass security restrictions;
A vulnerability in Hotspot component can be exploited to bypass security restrictions;
A vulnerability in Scripting component can be exploited to bypass security restrictions;
A vulnerability in Javadoc component can be exploited to bypass security restrictions;
A vulnerability in Deployment component can be exploited to bypass security restrictions;
A vulnerability in 2D component can be exploited to bypass security restrictions;
A vulnerability in Concurrency component can be exploited to bypass security restrictions;
A vulnerability in JAXP component can be exploited to bypass security restrictions;
A vulnerability in Security component can be exploited to bypass security restrictions;
A vulnerability in Serialization component can be exploited to bypass security restrictions;

Affected products

Java SE 7 version 7u231 and earlier
Java SE 8 version 8u221 and earlier
Java SE 11 version 11.0.4 and earlier
Java Embedded version 8u221 and earlier

Solution

Update to the latest version
Download Java

Original advisories

Oracle Java SE Risk Matrix

Impacts

?

SB

[?]

Detect date ?	10/15/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: A vulnerability in Kerberos component can be exploited to bypass security restrictions; A vulnerability in Networking component can be exploited to bypass security restrictions; A vulnerability in Libraries component can be exploited to bypass security restrictions; A vulnerability in JavaFX(libxslt) component can be exploited to bypass security restrictions; A vulnerability in Hotspot component can be exploited to bypass security restrictions; A vulnerability in Scripting component can be exploited to bypass security restrictions; A vulnerability in Javadoc component can be exploited to bypass security restrictions; A vulnerability in Deployment component can be exploited to bypass security restrictions; A vulnerability in 2D component can be exploited to bypass security restrictions; A vulnerability in Concurrency component can be exploited to bypass security restrictions; A vulnerability in JAXP component can be exploited to bypass security restrictions; A vulnerability in Security component can be exploited to bypass security restrictions; A vulnerability in Serialization component can be exploited to bypass security restrictions;
Affected products	Java SE 7 version 7u231 and earlier Java SE 8 version 8u221 and earlier Java SE 11 version 11.0.4 and earlier Java Embedded version 8u221 and earlier
Solution	Update to the latest version Download Java
Original advisories	Oracle Java SE Risk Matrix
Impacts ?	SB [?]
Related products	Oracle Java JRE 1.7.x Oracle Java JDK 1.7.x Oracle Java JDK 1.8.x Oracle Java JRE 1.8.x Oracle Java JRE 1.9.x Oracle Java JRE 1.10.x
CVE-IDS ?	CVE-2019-29490.0Unknown CVE-2019-29890.0Unknown CVE-2019-29580.0Unknown CVE-2019-110680.0Unknown CVE-2019-29770.0Unknown CVE-2019-29750.0Unknown CVE-2019-29990.0Unknown CVE-2019-29960.0Unknown CVE-2019-29870.0Unknown CVE-2019-29620.0Unknown CVE-2019-29880.0Unknown CVE-2019-29920.0Unknown CVE-2019-29640.0Unknown CVE-2019-29730.0Unknown CVE-2019-29810.0Unknown CVE-2019-29780.0Unknown CVE-2019-28940.0Unknown CVE-2019-29830.0Unknown CVE-2019-29330.0Unknown CVE-2019-29450.0Unknown

KLA11582Multiple vulnerabilities in Oracle Java SE

KLA11582
Multiple vulnerabilities in Oracle Java SE