This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2012-02-15
Product Javafx Last view 2013-10-16
Version 1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:oracle:javafx

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
2.6 2013-10-16 CVE-2013-5854

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.

5 2013-10-16 CVE-2013-5848

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

9.3 2013-10-16 CVE-2013-5846

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3 2013-10-16 CVE-2013-5844

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

10 2013-10-16 CVE-2013-5843

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

9.3 2013-10-16 CVE-2013-5810

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

3.5 2013-10-16 CVE-2013-5797

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.

9.3 2013-10-16 CVE-2013-5777

Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5775.

7.5 2013-10-16 CVE-2013-5775

Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5777.

5 2013-06-18 CVE-2013-2444

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.

4.3 2013-06-18 CVE-2013-1571

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.

6.9 2013-04-17 CVE-2013-2439

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

10 2013-04-17 CVE-2013-2434

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10 2013-04-17 CVE-2013-2432

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.

7.6 2013-04-17 CVE-2013-2430

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.

10 2013-04-17 CVE-2013-2428

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

10 2013-04-17 CVE-2013-2427

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.

10 2013-04-17 CVE-2013-2414

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.

7.6 2013-04-17 CVE-2013-2394

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.

5 2013-04-17 CVE-2013-1564

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

7.6 2013-04-17 CVE-2013-1563

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

5 2013-04-17 CVE-2013-1561

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

10 2013-03-08 CVE-2013-0402

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

10 2013-02-01 CVE-2013-1483

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.

10 2013-02-01 CVE-2013-1482

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

SAINT Exploits

Description Link
Java Web Start initial heap size command injection More info here

ExploitDB Exploits

id Description
26123 Java Web Start Double Quote Injection Remote Code Execution

OpenVAS Exploits

id Description
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_0828_1.nasl
2012-10-29 Name : Ubuntu Update for openjdk-7 USN-1619-1
File : nvt/gb_ubuntu_USN_1619_1.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl
2012-09-06 Name : Ubuntu Update for icedtea-web USN-1505-2
File : nvt/gb_ubuntu_USN_1505_2.nasl
2012-08-30 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9590
File : nvt/gb_fedora_2012_9590_java-1.7.0-openjdk_fc17.nasl
2012-08-22 Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities ...
File : nvt/gb_oracle_java_se_mult_unspecified_vuln_aug12_win.nasl
2012-08-10 Name : Debian Security Advisory DSA 2507-1 (openjdk-6)
File : nvt/deb_2507_1.nasl
2012-08-03 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:095 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_095.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:0729 centos6
File : nvt/gb_CESA-2012_0729_java_centos6.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:1009 centos6
File : nvt/gb_CESA-2012_1009_java_centos6.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:0730 centos5
File : nvt/gb_CESA-2012_0730_java_centos5.nasl
2012-07-16 Name : Ubuntu Update for openjdk-6 USN-1505-1
File : nvt/gb_ubuntu_USN_1505_1.nasl
2012-06-22 Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1009-01
File : nvt/gb_RHSA-2012_1009-01_java-1.7.0-openjdk.nasl
2012-06-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545
File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl
2012-06-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593
File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl
2012-06-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541
File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl
2012-06-15 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0730-01
File : nvt/gb_RHSA-2012_0730-01_java-1.6.0-openjdk.nasl
2012-06-15 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0729-01
File : nvt/gb_RHSA-2012_0729-01_java-1.6.0-openjdk.nasl
2012-04-09 Name : Java Runtime Environment Multiple Vulnerabilities (MAC OS X)
File : nvt/gb_jre_mult_vuln_macosx.nasl
2012-02-21 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_021.nasl
2012-02-21 Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01)
File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_01.nasl
2012-02-21 Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 02)
File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_02.nasl
2012-02-21 Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01)
File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl
2012-02-21 Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02)
File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0019 Multiple Vulnerabilities in Apache Tomcat
Severity: Category I - VMSKEY: V0044527
2013-A-0191 Multiple Vulnerabilities in Java for Mac OS X
Severity: Category I - VMSKEY: V0040779
2013-A-0200 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0040783
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0146 Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity: Category I - VMSKEY: V0033792
2012-A-0147 Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity: Category I - VMSKEY: V0033793
2012-A-0148 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0033794

Snort® IPS/IDS

Date Description
2014-11-16 Oracle Java Web Start arbitrary command execution attempt
RuleID : 31946 - Type : FILE-JAVA - Revision : 2
2014-01-10 Oracle Javadoc generated frame replacement attempt
RuleID : 26994 - Type : BROWSER-PLUGINS - Revision : 4
2014-01-10 Oracle Java Runtime true type font idef opcode heap buffer overflow attempt
RuleID : 24915 - Type : FILE-JAVA - Revision : 8
2014-01-10 Oracle Java Runtime true type font idef opcode heap buffer overflow attempt
RuleID : 24701 - Type : FILE-JAVA - Revision : 12
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Type : MALWARE-CNC - Revision : 5
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Oracle Java Web Start arbitrary command execution attempt
RuleID : 21481 - Type : FILE-JAVA - Revision : 14
2014-01-10 Oracle Java Web Start arbitrary command execution attempt
RuleID : 16585 - Type : WEB-CLIENT - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1669-1.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_tomcat_20140522.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1080.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1332.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1793.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO
2014-11-06 Name: The remote host has a version of Java installed that is affected by multiple ...
File: macosx_java_2014-001.nasl - Type: ACT_GATHER_INFO
2014-07-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0675.nasl - Type: ACT_GATHER_INFO
2014-07-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0685.nasl - Type: ACT_GATHER_INFO
2014-07-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2014-0675.nasl - Type: ACT_GATHER_INFO
2014-07-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2014-0685.nasl - Type: ACT_GATHER_INFO
2014-07-22 Name: The remote Windows host contains a programming platform that is affected by m...
File: oracle_jrockit_cpu_apr_2012.nasl - Type: ACT_GATHER_INFO
2014-07-18 Name: The remote Windows host contains a programming platform that is potentially a...
File: oracle_jrockit_cpu_oct_2012.nasl - Type: ACT_GATHER_INFO
2014-06-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-368.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-402.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-410.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-426.nasl - Type: ACT_GATHER_INFO