Executive Summary
Summary | |
---|---|
Title | Oracle JRE/JDK: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201502-12 | First vendor Publication | 2015-02-15 |
Vendor | Gentoo | Last vendor Modification | 2015-02-15 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Background Description Impact Workaround Resolution All Oracle JDK 1.7 users should upgrade to the latest version: All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-201502-12.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201502-12.xml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:23968 | |||
Oval ID: | oval:org.mitre.oval:def:23968 | ||
Title: | DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23985 | |||
Oval ID: | oval:org.mitre.oval:def:23985 | ||
Title: | ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24013 | |||
Oval ID: | oval:org.mitre.oval:def:24013 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect availability via unknown vectors related to 2D | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0459 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24169 | |||
Oval ID: | oval:org.mitre.oval:def:24169 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0448 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24201 | |||
Oval ID: | oval:org.mitre.oval:def:24201 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2398 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24226 | |||
Oval ID: | oval:org.mitre.oval:def:24226 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect integrity via unknown vectors related to Deployment | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2420 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24228 | |||
Oval ID: | oval:org.mitre.oval:def:24228 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0458 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24276 | |||
Oval ID: | oval:org.mitre.oval:def:24276 | ||
Title: | ELSA-2014:0406: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0406-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24307 | |||
Oval ID: | oval:org.mitre.oval:def:24307 | ||
Title: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting | ||
Description: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0464 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24366 | |||
Oval ID: | oval:org.mitre.oval:def:24366 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2402 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24376 | |||
Oval ID: | oval:org.mitre.oval:def:24376 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2397 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24440 | |||
Oval ID: | oval:org.mitre.oval:def:24440 | ||
Title: | RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24441 | |||
Oval ID: | oval:org.mitre.oval:def:24441 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0453 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24444 | |||
Oval ID: | oval:org.mitre.oval:def:24444 | ||
Title: | RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0408-00 CESA-2014:0408 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24471 | |||
Oval ID: | oval:org.mitre.oval:def:24471 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality via unknown vectors related to 2D | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2401 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24482 | |||
Oval ID: | oval:org.mitre.oval:def:24482 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0457 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24502 | |||
Oval ID: | oval:org.mitre.oval:def:24502 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0446 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24510 | |||
Oval ID: | oval:org.mitre.oval:def:24510 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2427 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24513 | |||
Oval ID: | oval:org.mitre.oval:def:24513 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via unknown vectors related to Deployment | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0449 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24518 | |||
Oval ID: | oval:org.mitre.oval:def:24518 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0455 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24520 | |||
Oval ID: | oval:org.mitre.oval:def:24520 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0457 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24522 | |||
Oval ID: | oval:org.mitre.oval:def:24522 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0461 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24523 | |||
Oval ID: | oval:org.mitre.oval:def:24523 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2412 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24535 | |||
Oval ID: | oval:org.mitre.oval:def:24535 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0456 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24544 | |||
Oval ID: | oval:org.mitre.oval:def:24544 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2422 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24587 | |||
Oval ID: | oval:org.mitre.oval:def:24587 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2414 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24591 | |||
Oval ID: | oval:org.mitre.oval:def:24591 | ||
Title: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting | ||
Description: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0463 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24614 | |||
Oval ID: | oval:org.mitre.oval:def:24614 | ||
Title: | DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24619 | |||
Oval ID: | oval:org.mitre.oval:def:24619 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0454 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24622 | |||
Oval ID: | oval:org.mitre.oval:def:24622 | ||
Title: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX | ||
Description: | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2410 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24623 | |||
Oval ID: | oval:org.mitre.oval:def:24623 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via vectors related to JAXP | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2403 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24636 | |||
Oval ID: | oval:org.mitre.oval:def:24636 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2423 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24641 | |||
Oval ID: | oval:org.mitre.oval:def:24641 | ||
Title: | RHSA-2014:0407: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0407-00 CESA-2014:0407 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24646 | |||
Oval ID: | oval:org.mitre.oval:def:24646 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2409 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24649 | |||
Oval ID: | oval:org.mitre.oval:def:24649 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect integrity via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2413 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24652 | |||
Oval ID: | oval:org.mitre.oval:def:24652 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2428 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24662 | |||
Oval ID: | oval:org.mitre.oval:def:24662 | ||
Title: | ELSA-2014:0407: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0407-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24666 | |||
Oval ID: | oval:org.mitre.oval:def:24666 | ||
Title: | RHSA-2014:0406: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0406-00 CESA-2014:0406 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24672 | |||
Oval ID: | oval:org.mitre.oval:def:24672 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0429 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24676 | |||
Oval ID: | oval:org.mitre.oval:def:24676 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0451 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24686 | |||
Oval ID: | oval:org.mitre.oval:def:24686 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0432 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24694 | |||
Oval ID: | oval:org.mitre.oval:def:24694 | ||
Title: | DSA-2980-1 -- openjdk-6 - security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the executionof arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2980-1 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24709 | |||
Oval ID: | oval:org.mitre.oval:def:24709 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0460 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24719 | |||
Oval ID: | oval:org.mitre.oval:def:24719 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0452 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24729 | |||
Oval ID: | oval:org.mitre.oval:def:24729 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4208) | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4208 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24751 | |||
Oval ID: | oval:org.mitre.oval:def:24751 | ||
Title: | DSA-2912-1 openjdk-6 - security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2912-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24806 | |||
Oval ID: | oval:org.mitre.oval:def:24806 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4262 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24827 | |||
Oval ID: | oval:org.mitre.oval:def:24827 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4268) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4268 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24828 | |||
Oval ID: | oval:org.mitre.oval:def:24828 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4218 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24873 | |||
Oval ID: | oval:org.mitre.oval:def:24873 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4223 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24880 | |||
Oval ID: | oval:org.mitre.oval:def:24880 | ||
Title: | RHSA-2014:0675: java-1.7.0-openjdk security update (Critical) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0675-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24964 | |||
Oval ID: | oval:org.mitre.oval:def:24964 | ||
Title: | DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24985 | |||
Oval ID: | oval:org.mitre.oval:def:24985 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483) | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2483 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25066 | |||
Oval ID: | oval:org.mitre.oval:def:25066 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4263 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25092 | |||
Oval ID: | oval:org.mitre.oval:def:25092 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4219 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25104 | |||
Oval ID: | oval:org.mitre.oval:def:25104 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4220) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4220 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25136 | |||
Oval ID: | oval:org.mitre.oval:def:25136 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4209 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25149 | |||
Oval ID: | oval:org.mitre.oval:def:25149 | ||
Title: | Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4247) | ||
Description: | Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4247 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25154 | |||
Oval ID: | oval:org.mitre.oval:def:25154 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2490 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25160 | |||
Oval ID: | oval:org.mitre.oval:def:25160 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4216 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25202 | |||
Oval ID: | oval:org.mitre.oval:def:25202 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4266 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25203 | |||
Oval ID: | oval:org.mitre.oval:def:25203 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4265) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4265 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25216 | |||
Oval ID: | oval:org.mitre.oval:def:25216 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4264 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25220 | |||
Oval ID: | oval:org.mitre.oval:def:25220 | ||
Title: | RHSA-2014:0685: java-1.6.0-openjdk security update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0685-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25224 | |||
Oval ID: | oval:org.mitre.oval:def:25224 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4244 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25249 | |||
Oval ID: | oval:org.mitre.oval:def:25249 | ||
Title: | RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25250 | |||
Oval ID: | oval:org.mitre.oval:def:25250 | ||
Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4227) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4227 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25273 | |||
Oval ID: | oval:org.mitre.oval:def:25273 | ||
Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4252 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25281 | |||
Oval ID: | oval:org.mitre.oval:def:25281 | ||
Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221) | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-4221 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25312 | |||
Oval ID: | oval:org.mitre.oval:def:25312 | ||
Title: | RHSA-2014:0902: java-1.7.0-oracle security update (Critical) | ||
Description: | Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0902-00 CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | java-1.7.0-oracle |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25315 | |||
Oval ID: | oval:org.mitre.oval:def:25315 | ||
Title: | SUSE-SU-2014:0639-1 -- Security update for OpenJDK | ||
Description: | This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0639-1 CVE-2014-2412 CVE-2014-2414 CVE-2014-0458 CVE-2014-2427 CVE-2014-2423 CVE-2014-2402 CVE-2014-2398 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0429 CVE-2014-2403 CVE-2014-0446 CVE-2014-0454 CVE-2013-6629 CVE-2014-0455 CVE-2014-2421 CVE-2014-0456 CVE-2014-0460 CVE-2014-0459 CVE-2013-6954 CVE-2014-0457 CVE-2014-2413 CVE-2014-1876 CVE-2014-2397 CVE-2014-0461 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | OpenJDK |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25358 | |||
Oval ID: | oval:org.mitre.oval:def:25358 | ||
Title: | RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0907-00 CESA-2014:0907 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25428 | |||
Oval ID: | oval:org.mitre.oval:def:25428 | ||
Title: | RHSA-2014:0908: java-1.6.0-sun security update (Important) | ||
Description: | Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0908-00 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25648 | |||
Oval ID: | oval:org.mitre.oval:def:25648 | ||
Title: | DSA-2987-1 -- openjdk-7 - security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2987-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26067 | |||
Oval ID: | oval:org.mitre.oval:def:26067 | ||
Title: | USN-2319-3 -- openjdk-7 update | ||
Description: | This update provides stability updates for OpenJDK 7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2319-3 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26182 | |||
Oval ID: | oval:org.mitre.oval:def:26182 | ||
Title: | SUSE-SU-2014:0961-1 -- Security update for openjdk | ||
Description: | This Critical Patch Update contains 20 new security fixes for Oracle Java SE. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0961-1 CVE-2014-4227 CVE-2014-4219 CVE-2014-2490 CVE-2014-4216 CVE-2014-4247 CVE-2014-2483 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4265 CVE-2014-4220 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4268 CVE-2014-4264 CVE-2014-4221 CVE-2014-4244 CVE-2014-4263 CVE-2014-4208 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | openjdk |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26198 | |||
Oval ID: | oval:org.mitre.oval:def:26198 | ||
Title: | USN-2319-2 -- openjdk-7 regression | ||
Description: | USN-2319-1 introduced a regression in OpenJDK 7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2319-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26257 | |||
Oval ID: | oval:org.mitre.oval:def:26257 | ||
Title: | HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-0457 | Version: | 8 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26513 | |||
Oval ID: | oval:org.mitre.oval:def:26513 | ||
Title: | USN-2319-1 -- openjdk-7 vulnerabilities | ||
Description: | Several security issues were fixed in OpenJDK 7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2319-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26557 | |||
Oval ID: | oval:org.mitre.oval:def:26557 | ||
Title: | SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26653 | |||
Oval ID: | oval:org.mitre.oval:def:26653 | ||
Title: | HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-0429 | Version: | 8 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26705 | |||
Oval ID: | oval:org.mitre.oval:def:26705 | ||
Title: | SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26796 | |||
Oval ID: | oval:org.mitre.oval:def:26796 | ||
Title: | ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update | ||
Description: | [1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26866 | |||
Oval ID: | oval:org.mitre.oval:def:26866 | ||
Title: | DEPRECATED: SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26947 | |||
Oval ID: | oval:org.mitre.oval:def:26947 | ||
Title: | RHSA-2014:1636: java-1.8.0-openjdk security update (Important) | ||
Description: | The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-6562) Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges. (CVE-2014-6468) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1636-00 CVE-2014-6457 CVE-2014-6468 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6562 CESA-2014:1636 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.8.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26967 | |||
Oval ID: | oval:org.mitre.oval:def:26967 | ||
Title: | DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26995 | |||
Oval ID: | oval:org.mitre.oval:def:26995 | ||
Title: | ELSA-2014-0890 -- java-1.7.0-openjdk security update (important) | ||
Description: | [1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27028 | |||
Oval ID: | oval:org.mitre.oval:def:27028 | ||
Title: | USN-2388-2 -- OpenJDK 7 vulnerabilities | ||
Description: | USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6527">CVE-2014-6527</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2388-2 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6527 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513 | Version: | 3 |
Platform(s): | Ubuntu 14.10 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27128 | |||
Oval ID: | oval:org.mitre.oval:def:27128 | ||
Title: | USN-2386-1 -- OpenJDK 6 vulnerabilities | ||
Description: | A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2386-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513 | Version: | 3 |
Platform(s): | Ubuntu 12.04 Ubuntu 10.04 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27144 | |||
Oval ID: | oval:org.mitre.oval:def:27144 | ||
Title: | RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1633-00 CESA-2014:1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27150 | |||
Oval ID: | oval:org.mitre.oval:def:27150 | ||
Title: | RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1620-00 CESA-2014:1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27157 | |||
Oval ID: | oval:org.mitre.oval:def:27157 | ||
Title: | RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1634-00 CESA-2014:1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27170 | |||
Oval ID: | oval:org.mitre.oval:def:27170 | ||
Title: | USN-2388-1 -- OpenJDK 7 vulnerabilities | ||
Description: | A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6527">CVE-2014-6527</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2388-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6527 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27224 | |||
Oval ID: | oval:org.mitre.oval:def:27224 | ||
Title: | ELSA-2014-1636 -- java-1.8.0-openjdk security update (important) | ||
Description: | [1:1.8.0.25-1.b17] - Update to October CPU patch update. - Resolves: RHBZ#1148896 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1636 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6468 CVE-2014-6562 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.8.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27331 | |||
Oval ID: | oval:org.mitre.oval:def:27331 | ||
Title: | ELSA-2014-0675 -- java-1.7.0-openjdk security update (critical) | ||
Description: | [1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but notused as default (6.6 forward port) - Resolves: rhbz#1099565 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0675 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 | Version: | 5 |
Platform(s): | Oracle Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27728 | |||
Oval ID: | oval:org.mitre.oval:def:27728 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6527 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27749 | |||
Oval ID: | oval:org.mitre.oval:def:27749 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6466 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27911 | |||
Oval ID: | oval:org.mitre.oval:def:27911 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6458 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27929 | |||
Oval ID: | oval:org.mitre.oval:def:27929 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6513 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27938 | |||
Oval ID: | oval:org.mitre.oval:def:27938 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6492 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28001 | |||
Oval ID: | oval:org.mitre.oval:def:28001 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6512 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28025 | |||
Oval ID: | oval:org.mitre.oval:def:28025 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6476 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28097 | |||
Oval ID: | oval:org.mitre.oval:def:28097 | ||
Title: | SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important) | ||
Description: | java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues. These security issues were fixed: - Unspecified vulnerability in Oracle Java (CVE-2014-3065). - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1549-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6513 CVE-2014-6456 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6503 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6506 CVE-2014-6527 CVE-2014-6476 CVE-2014-6515 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 12 | Product(s): | java-1_7_1-ibm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28155 | |||
Oval ID: | oval:org.mitre.oval:def:28155 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6503 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28214 | |||
Oval ID: | oval:org.mitre.oval:def:28214 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6558 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28228 | |||
Oval ID: | oval:org.mitre.oval:def:28228 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6502 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28236 | |||
Oval ID: | oval:org.mitre.oval:def:28236 | ||
Title: | DSA-3077-1 -- openjdk-6 security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3077-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28277 | |||
Oval ID: | oval:org.mitre.oval:def:28277 | ||
Title: | SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK (moderate) | ||
Description: | Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1392-1 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6468 CVE-2014-6476 CVE-2014-6485 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-6562 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java OpenJDK |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28284 | |||
Oval ID: | oval:org.mitre.oval:def:28284 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6511 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28325 | |||
Oval ID: | oval:org.mitre.oval:def:28325 | ||
Title: | SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk (important) | ||
Description: | OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues and bugs. * Security: - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker method lookup. - S8036810: Correct linker field lookup - S8036936: Use local locales - S8037066, CVE-2014-6457: Secure transport layer - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams - S8038364: Use certificate exceptions correctly - S8038899: Safer safepoints - S8038903: More native monitor monitoring - S8038908: Make Signature more robust - S8038913: Bolster XML support - S8039509, CVE-2014-6512: Wrap sockets more thoroughly - S8039533, CVE-2014-6517: Higher resolution resolvers - S8041540, CVE-2014-6511: Better use of pages in font processing - S8041529: Better parameterization of parameter lists - S8041545: Better validation of generated rasters - S8041564, CVE-2014-6506: Improved management of logger resources - S8041717, CVE-2014-6519: Issue with class file parser - S8042609, CVE-2014-6513: Limit splashiness of splash images - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord - S8044274, CVE-2014-6531: Proper property processing | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1422-1 CVE-2014-6504 CVE-2014-6457 CVE-2014-6558 CVE-2014-6512 CVE-2014-6517 CVE-2014-6511 CVE-2014-6506 CVE-2014-6519 CVE-2014-6513 CVE-2014-6502 CVE-2014-6531 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | java-1_7_0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28342 | |||
Oval ID: | oval:org.mitre.oval:def:28342 | ||
Title: | DSA-3080-1 -- openjdk-7 security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3080-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28346 | |||
Oval ID: | oval:org.mitre.oval:def:28346 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6515 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28350 | |||
Oval ID: | oval:org.mitre.oval:def:28350 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6531 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28355 | |||
Oval ID: | oval:org.mitre.oval:def:28355 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6506 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28367 | |||
Oval ID: | oval:org.mitre.oval:def:28367 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6493 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28400 | |||
Oval ID: | oval:org.mitre.oval:def:28400 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6457 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28409 | |||
Oval ID: | oval:org.mitre.oval:def:28409 | ||
Title: | DSA-2987-2 -- openjdk-7 regression update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2987-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28424 | |||
Oval ID: | oval:org.mitre.oval:def:28424 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6532 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28431 | |||
Oval ID: | oval:org.mitre.oval:def:28431 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4288 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-01-22 | IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213 |
2014-07-17 | IAVM : 2014-A-0105 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0053191 |
2014-04-17 | IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50460 - Revision : 1 - Type : FILE-JAVA |
2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50459 - Revision : 1 - Type : FILE-JAVA |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Revision : 3 - Type : FILE-JAVA |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Revision : 4 - Type : FILE-JAVA |
2016-03-15 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37665 - Revision : 3 - Type : FILE-JAVA |
2016-03-15 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37664 - Revision : 4 - Type : FILE-JAVA |
2016-03-14 | Oracle Java System.arraycopy race condition attempt RuleID : 36240 - Revision : 2 - Type : FILE-JAVA |
2016-03-14 | Oracle Java System.arraycopy race condition attempt RuleID : 36239 - Revision : 2 - Type : FILE-JAVA |
2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32235 - Revision : 6 - Type : FILE-JAVA |
2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32234 - Revision : 7 - Type : FILE-JAVA |
2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32233 - Revision : 6 - Type : FILE-JAVA |
2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32232 - Revision : 7 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-23 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1422-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-107.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO |
2015-03-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO |
2015-02-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO |
2014-12-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-46.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3080.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO |
2014-11-28 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-11-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3077.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO |
2014-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO |
2014-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0908.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0902.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1657.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1658.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-209.nasl - Type : ACT_GATHER_INFO |
2014-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-2.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-1.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-430.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-431.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2386-1.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-383.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-387.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-3.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-09-17 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-08-29 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO |
2014-08-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-2.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_jul2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_331.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-1.nasl - Type : ACT_GATHER_INFO |
2014-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2312-1.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1041.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1042.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1033.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1036.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140721.nasl - Type : ACT_GATHER_INFO |
2014-08-04 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-141.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0675.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0685.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO |
2014-07-29 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-28 | Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2987.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0675.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0685.nasl - Type : ACT_GATHER_INFO |
2014-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2980.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140721_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jul_2014_unix.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO |
2014-06-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO |
2014-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-100.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO |
2014-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO |
2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO |
2014-05-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2191-1.nasl - Type : ACT_GATHER_INFO |
2014-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2187-1.nasl - Type : ACT_GATHER_INFO |
2014-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2912.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-326.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-327.nasl - Type : ACT_GATHER_INFO |
2014-04-18 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
2014-04-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
2014-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris10_x86_125138.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris8_x86_125138.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris9_x86_125138.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris10_118666.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris10_x86_118668.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris8_118666.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris8_x86_118668.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris9_118666.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris9_x86_118668.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-02-17 13:25:09 |
|
2015-02-15 17:21:32 |
|