Multiple vulnerabilities in Oracle Java SE and GraalVM

Description

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Code execution vulnerability in Networking can be exploited to execute arbitrary code.
2. Denial of service vulnerability in 2D (Harfbuzz) can be exploited to cause denial of service.
3. Information disclosure vulnerability in Hotspot can be exploited to obtain sensitive information.
4. Code execution vulnerability in JavaFX can be exploited to execute arbitrary code.
5. Code execution vulnerability in Libraries can be exploited to execute arbitrary code.
6. Denial of service vulnerability in Utility can be exploited to cause denial of service.

Original advisories

• Oracle Critical Patch Update Advisory – July 2023

Related products

• Oracle-Java-JRE-1.7.x
• Oracle-Java-JRE-1.8.x

CVE list

• CVE-2023-25193
  critical
• CVE-2023-22006
  warning
• CVE-2023-22041
  high
• CVE-2023-22044
  warning
• CVE-2023-22043
  high
• CVE-2023-22049
  warning
• CVE-2023-22045
  warning
• CVE-2023-22036
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com