Multiple vulnerabilities in Oracle Java SE and GraalVM

Описание

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Code execution vulnerability in Networking can be exploited to execute arbitrary code.
2. Denial of service vulnerability in 2D (Harfbuzz) can be exploited to cause denial of service.
3. Information disclosure vulnerability in Hotspot can be exploited to obtain sensitive information.
4. Code execution vulnerability in JavaFX can be exploited to execute arbitrary code.
5. Code execution vulnerability in Libraries can be exploited to execute arbitrary code.
6. Denial of service vulnerability in Utility can be exploited to cause denial of service.

Первичный источник обнаружения

• Oracle Critical Patch Update Advisory - July 2023
  

Связанные продукты

• Oracle-Java-JRE-1.7.x
• Oracle-Java-JRE-1.8.x

Список CVE

• CVE-2023-25193
  critical
• CVE-2023-22006
  warning
• CVE-2023-22041
  high
• CVE-2023-22044
  warning
• CVE-2023-22043
  high
• CVE-2023-22049
  warning
• CVE-2023-22045
  warning
• CVE-2023-22036
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com