Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2011-10-19 |
| Product | Javafx | Last view | 2015-10-21 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2015-10-21 | CVE-2015-4916 | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. |
| 5 | 2015-10-21 | CVE-2015-4908 | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. |
| 5 | 2015-10-21 | CVE-2015-4906 | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. |
| 10 | 2015-07-16 | CVE-2015-2638 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 5 | 2015-07-16 | CVE-2015-2637 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
| 5 | 2015-07-16 | CVE-2015-2619 | Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
| 9.3 | 2015-04-16 | CVE-2015-0492 | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. |
| 10 | 2015-04-16 | CVE-2015-0491 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. |
| 6.8 | 2015-04-16 | CVE-2015-0484 | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. |
| 10 | 2015-04-16 | CVE-2015-0459 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. |
| 6.8 | 2014-04-15 | CVE-2014-2422 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| 5 | 2014-04-15 | CVE-2014-2401 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
| 3.5 | 2014-04-15 | CVE-2014-2398 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. |
| 9.3 | 2014-01-15 | CVE-2014-0417 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 4.3 | 2014-01-15 | CVE-2014-0382 | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. |
| 5 | 2014-01-15 | CVE-2013-5895 | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. |
| 6.8 | 2014-01-15 | CVE-2013-5870 | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. |
| 2.6 | 2013-10-16 | CVE-2013-5854 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors. |
| 5 | 2013-10-16 | CVE-2013-5848 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. |
| 9.3 | 2013-10-16 | CVE-2013-5846 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. |
| 9.3 | 2013-10-16 | CVE-2013-5844 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. |
| 10 | 2013-10-16 | CVE-2013-5843 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 9.3 | 2013-10-16 | CVE-2013-5810 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| 3.5 | 2013-10-16 | CVE-2013-5797 | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. |
| 9.3 | 2013-10-16 | CVE-2013-5777 | Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5775. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:19337 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:14291 | Unspecified vulnerability in the Java Runtime Environment component in Oracle... |
| oval:org.mitre.oval:def:22009 | RHSA-2011:1384: java-1.6.0-sun security update (Critical) |
| oval:org.mitre.oval:def:20940 | RHSA-2012:0034: java-1.6.0-ibm security update (Critical) |
| oval:org.mitre.oval:def:19361 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:14274 | Unspecified vulnerability in the Java Runtime Environment component in Oracle... |
| oval:org.mitre.oval:def:23332 | ELSA-2011:1384: java-1.6.0-sun security update (Critical) |
| oval:org.mitre.oval:def:23157 | ELSA-2012:0034: java-1.6.0-ibm security update (Critical) |
| oval:org.mitre.oval:def:23119 | DEPRECATED: ELSA-2011:1384: java-1.6.0-sun security update (Critical) |
| oval:org.mitre.oval:def:22859 | DEPRECATED: ELSA-2012:0034: java-1.6.0-ibm security update (Critical) |
| oval:org.mitre.oval:def:19800 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:14878 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in ... |
| oval:org.mitre.oval:def:19583 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:14844 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in ... |
| oval:org.mitre.oval:def:19868 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:16502 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in ... |
| oval:org.mitre.oval:def:19411 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:16546 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in ... |
| oval:org.mitre.oval:def:16308 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.... |
| oval:org.mitre.oval:def:16221 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.... |
| oval:org.mitre.oval:def:15827 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.... |
| oval:org.mitre.oval:def:19917 | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an... |
| oval:org.mitre.oval:def:16544 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in ... |
| oval:org.mitre.oval:def:16673 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.... |
| oval:org.mitre.oval:def:16180 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.... |
SAINT Exploits
| Description | Link |
|---|---|
| Java Web Start initial heap size command injection | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76513 | Oracle Java SE JRE Deployment Component Unspecified Remote Information Disclo... |
| 76509 | Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3546) |
ExploitDB Exploits
| id | Description |
|---|---|
| 26123 | Java Web Start Double Quote Injection Remote Code Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
| 2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
| 2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
| 2012-08-30 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9590 File : nvt/gb_fedora_2012_9590_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities ... File : nvt/gb_oracle_java_se_mult_unspecified_vuln_aug12_win.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2507-1 (openjdk-6) File : nvt/deb_2507_1.nasl |
| 2012-08-03 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:095 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_095.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0729 centos6 File : nvt/gb_CESA-2012_0729_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0730 centos5 File : nvt/gb_CESA-2012_0730_java_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:1009 centos6 File : nvt/gb_CESA-2012_1009_java_centos6.nasl |
| 2012-07-16 | Name : Ubuntu Update for openjdk-6 USN-1505-1 File : nvt/gb_ubuntu_USN_1505_1.nasl |
| 2012-06-22 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1009-01 File : nvt/gb_RHSA-2012_1009-01_java-1.7.0-openjdk.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0730-01 File : nvt/gb_RHSA-2012_0730-01_java-1.6.0-openjdk.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0729-01 File : nvt/gb_RHSA-2012_0729-01_java-1.6.0-openjdk.nasl |
| 2012-04-09 | Name : Java Runtime Environment Multiple Vulnerabilities (MAC OS X) File : nvt/gb_jre_mult_vuln_macosx.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 02) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_02.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_021.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2014-A-0056 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0049583 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
| 2014-A-0010 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0043398 |
| 2013-A-0191 | Multiple Vulnerabilities in Java for Mac OS X Severity: Category I - VMSKEY: V0040779 |
| 2013-A-0200 | Multiple Vulnerabilities in Oracle Java Severity: Category I - VMSKEY: V0040783 |
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
| 2012-A-0146 | Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity: Category I - VMSKEY: V0033792 |
| 2012-A-0147 | Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity: Category I - VMSKEY: V0033793 |
| 2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
| 2012-A-0048 | Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity: Category I - VMSKEY: V0031901 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-16 | Oracle Java Web Start arbitrary command execution attempt RuleID : 31946 - Type : FILE-JAVA - Revision : 2 |
| 2014-01-10 | Oracle Javadoc generated frame replacement attempt RuleID : 26994 - Type : BROWSER-PLUGINS - Revision : 4 |
| 2014-01-10 | Oracle Java Runtime true type font idef opcode heap buffer overflow attempt RuleID : 24915 - Type : FILE-JAVA - Revision : 8 |
| 2014-01-10 | Oracle Java Runtime true type font idef opcode heap buffer overflow attempt RuleID : 24701 - Type : FILE-JAVA - Revision : 12 |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Type : MALWARE-CNC - Revision : 5 |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 21481 - Type : FILE-JAVA - Revision : 14 |
| 2014-01-10 | Oracle Java Web Start arbitrary command execution attempt RuleID : 16585 - Type : WEB-CLIENT - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201603-11.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2012-0005_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-106.nasl - Type: ACT_GATHER_INFO |
| 2016-01-14 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0113-1.nasl - Type: ACT_GATHER_INFO |
| 2015-12-16 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a5934ba8a37611e585e914dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2015-12-16 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-2168-2.nasl - Type: ACT_GATHER_INFO |
| 2015-12-09 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-2216-1.nasl - Type: ACT_GATHER_INFO |
| 2015-12-04 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-2182-1.nasl - Type: ACT_GATHER_INFO |
| 2015-12-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-2166-1.nasl - Type: ACT_GATHER_INFO |
| 2015-12-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-2168-1.nasl - Type: ACT_GATHER_INFO |
| 2015-11-05 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-696.nasl - Type: ACT_GATHER_INFO |
| 2015-10-23 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1926.nasl - Type: ACT_GATHER_INFO |
| 2015-10-22 | Name: The remote Windows host contains a programming platform that is affected by m... File: oracle_java_cpu_oct_2015.nasl - Type: ACT_GATHER_INFO |
| 2015-10-22 | Name: The remote Unix host contains a programming platform that is affected by mult... File: oracle_java_cpu_oct_2015_unix.nasl - Type: ACT_GATHER_INFO |
| 2015-09-09 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1509-1.nasl - Type: ACT_GATHER_INFO |
| 2015-08-17 | Name: The remote AIX host has a version of Java SDK installed that is affected by m... File: aix_java_july2015_advisory.nasl - Type: ACT_GATHER_INFO |
| 2015-08-13 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1604.nasl - Type: ACT_GATHER_INFO |
| 2015-08-13 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1375-1.nasl - Type: ACT_GATHER_INFO |
| 2015-08-05 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1544.nasl - Type: ACT_GATHER_INFO |
| 2015-08-04 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1329-1.nasl - Type: ACT_GATHER_INFO |
| 2015-08-04 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1331-1.nasl - Type: ACT_GATHER_INFO |
| 2015-07-31 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1319-1.nasl - Type: ACT_GATHER_INFO |
| 2015-07-31 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1320-1.nasl - Type: ACT_GATHER_INFO |
