Two new Java zero-day vulnerabilities reported to Oracle