Java Critical Patch update on Jan 14, 2014

"This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2014, which will be released on Tuesday, January 14, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 147 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."
 
Affected Products and Components, including Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier

Oracle Java SE Executive Summary
This Critical Patch Update contains 36 new security fixes for Oracle Java SE. 34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0. (Critical)

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
• Java SE
• Java SE Embedded
• JavaFX
• JRockit

Full details: Oracle Critical Patch Update Pre-Release Announcement - January 2014