10 - GLSA-201502-12

Executive Summary

Summary
Title	Oracle JRE/JDK: Multiple vulnerabilities

Informations
Name	GLSA-201502-12	First vendor Publication	2015-02-15
Vendor	Gentoo	Last vendor Modification	2015-02-15
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code.

Background

Oracle's Java SE Development Kit and Runtime Environment

Description

Multiple vulnerabilities have been discovered in Oracle's Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.

Workaround

There is no known workaround at this time.

Resolution

All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"

All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"

All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"

References

[ 1 ] CVE-2014-0429 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 2 ] CVE-2014-0432 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432
[ 3 ] CVE-2014-0446 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 4 ] CVE-2014-0448 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448
[ 5 ] CVE-2014-0449 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449
[ 6 ] CVE-2014-0451 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 7 ] CVE-2014-0452 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 8 ] CVE-2014-0453 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 9 ] CVE-2014-0454 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454
[ 10 ] CVE-2014-0455 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455
[ 11 ] CVE-2014-0456 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 12 ] CVE-2014-0457 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 13 ] CVE-2014-0458 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 14 ] CVE-2014-0459 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 15 ] CVE-2014-0460 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 16 ] CVE-2014-0461 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 17 ] CVE-2014-0463 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463
[ 18 ] CVE-2014-0464 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464
[ 19 ] CVE-2014-2397 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 20 ] CVE-2014-2398 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 21 ] CVE-2014-2401 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401
[ 22 ] CVE-2014-2402 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402
[ 23 ] CVE-2014-2403 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 24 ] CVE-2014-2409 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409
[ 25 ] CVE-2014-2410 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410
[ 26 ] CVE-2014-2412 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 27 ] CVE-2014-2413 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413
[ 28 ] CVE-2014-2414 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 29 ] CVE-2014-2420 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420
[ 30 ] CVE-2014-2421 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 31 ] CVE-2014-2422 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422
[ 32 ] CVE-2014-2423 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 33 ] CVE-2014-2427 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
[ 34 ] CVE-2014-2428 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428
[ 35 ] CVE-2014-2483 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483
[ 36 ] CVE-2014-2490 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490
[ 37 ] CVE-2014-4208 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208
[ 38 ] CVE-2014-4209 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209
[ 39 ] CVE-2014-4216 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216
[ 40 ] CVE-2014-4218 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218
[ 41 ] CVE-2014-4219 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219
[ 42 ] CVE-2014-4220 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220
[ 43 ] CVE-2014-4221 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221
[ 44 ] CVE-2014-4223 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223
[ 45 ] CVE-2014-4227 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227
[ 46 ] CVE-2014-4244 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244
[ 47 ] CVE-2014-4247 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247
[ 48 ] CVE-2014-4252 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252
[ 49 ] CVE-2014-4262 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262
[ 50 ] CVE-2014-4263 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263
[ 51 ] CVE-2014-4264 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264
[ 52 ] CVE-2014-4265 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265
[ 53 ] CVE-2014-4266 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266
[ 54 ] CVE-2014-4268 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268
[ 55 ] CVE-2014-4288 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288
[ 56 ] CVE-2014-6456 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456
[ 57 ] CVE-2014-6457 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457
[ 58 ] CVE-2014-6458 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458
[ 59 ] CVE-2014-6466 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466
[ 60 ] CVE-2014-6468 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468
[ 61 ] CVE-2014-6476 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476
[ 62 ] CVE-2014-6485 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485
[ 63 ] CVE-2014-6492 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492
[ 64 ] CVE-2014-6493 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493
[ 65 ] CVE-2014-6502 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502
[ 66 ] CVE-2014-6503 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503
[ 67 ] CVE-2014-6504 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504
[ 68 ] CVE-2014-6506 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506
[ 69 ] CVE-2014-6511 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511
[ 70 ] CVE-2014-6512 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512
[ 71 ] CVE-2014-6513 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513
[ 72 ] CVE-2014-6515 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515
[ 73 ] CVE-2014-6517 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517
[ 74 ] CVE-2014-6519 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519
[ 75 ] CVE-2014-6527 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527
[ 76 ] CVE-2014-6531 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531
[ 77 ] CVE-2014-6532 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532
[ 78 ] CVE-2014-6558 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558
[ 79 ] CVE-2014-6562 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201502-12.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201502-12.xml

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23781

Oval ID:	oval:org.mitre.oval:def:23781
Title:	DEPRECATED: ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0412-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:23870

Oval ID:	oval:org.mitre.oval:def:23870
Title:	RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description:	IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0486-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.7.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.0-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:23968

Oval ID:	oval:org.mitre.oval:def:23968
Title:	DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:23985

Oval ID:	oval:org.mitre.oval:def:23985
Title:	ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:24013

Oval ID:	oval:org.mitre.oval:def:24013
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect availability via unknown vectors related to 2D
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0459	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24169

Oval ID:	oval:org.mitre.oval:def:24169
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0448	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24201

Oval ID:	oval:org.mitre.oval:def:24201
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2398	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JRockit JavaFX
Definition Synopsis:
Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1 AND JRockit R28 is installed OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0 Determine if the version of JRockit equals R27.8.1 AND JRockit R27 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_51 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_71 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_51 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed OR Determine if the version of JavaFX equals 2.2.51 Determine if the version of JavaFX is less than 2.2.51 (JRE 1.7.0:update_6 and later) AND JavaFX 2.x is installed

Definition Id: oval:org.mitre.oval:def:24226

Oval ID:	oval:org.mitre.oval:def:24226
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect integrity via unknown vectors related to Deployment
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2420	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_71 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_51 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24228

Oval ID:	oval:org.mitre.oval:def:24228
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0458	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24276

Oval ID:	oval:org.mitre.oval:def:24276
Title:	ELSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0406-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el6_5

Definition Id: oval:org.mitre.oval:def:24307

Oval ID:	oval:org.mitre.oval:def:24307
Title:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting
Description:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0464	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24366

Oval ID:	oval:org.mitre.oval:def:24366
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2402	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24376

Oval ID:	oval:org.mitre.oval:def:24376
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2397	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24411

Oval ID:	oval:org.mitre.oval:def:24411
Title:	ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0412-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24440

Oval ID:	oval:org.mitre.oval:def:24440
Title:	RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el7_0

Definition Id: oval:org.mitre.oval:def:24441

Oval ID:	oval:org.mitre.oval:def:24441
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0453	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JRockit
Definition Synopsis:
Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1 AND JRockit R28 is installed OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0 Determine if the version of JRockit equals R27.8.1 AND JRockit R27 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_51 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_71 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_51 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24444

Oval ID:	oval:org.mitre.oval:def:24444
Title:	RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0408-00 CESA-2014:0408 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-5.1.13.3.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-5.1.13.3.el6_5

Definition Id: oval:org.mitre.oval:def:24446

Oval ID:	oval:org.mitre.oval:def:24446
Title:	RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description:	IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0508-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.0-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24471

Oval ID:	oval:org.mitre.oval:def:24471
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality via unknown vectors related to 2D
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2401	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JavaFX
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed OR Determine if the version of JavaFX equals 2.2.51 Determine if the version of JavaFX is less than 2.2.51 (JRE 1.7.0:update_6 and later) AND JavaFX 2.x is installed

Definition Id: oval:org.mitre.oval:def:24482

Oval ID:	oval:org.mitre.oval:def:24482
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0457	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JavaFX
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed OR Determine if the version of JavaFX equals 2.2.51 Determine if the version of JavaFX is less than 2.2.51 (JRE 1.7.0:update_6 and later) AND JavaFX 2.x is installed

Definition Id: oval:org.mitre.oval:def:24489

Oval ID:	oval:org.mitre.oval:def:24489
Title:	RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0412-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24495

Oval ID:	oval:org.mitre.oval:def:24495
Title:	USN-2191-1 -- openjdk-6 vulnerabilities
Description:	Several security issues were fixed in OpenJDK 6.
Family:	unix	Class:	patch
Reference(s):	USN-2191-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0461 CVE-2014-0462 CVE-2014-2397 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0453 CVE-2014-0460 CVE-2014-0459 CVE-2014-1876 CVE-2014-2398 CVE-2014-2403	Version:	5
Platform(s):	Ubuntu 12.04 Ubuntu 10.04	Product(s):	openjdk-6
Definition Synopsis:
Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section icedtea-6-jre-cacao DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND icedtea-6-jre-jamvm DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND openjdk-6-jre DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND openjdk-6-jre-headless DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND openjdk-6-jre-lib DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND openjdk-6-jre-zero DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.12.04.2 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section icedtea-6-jre-cacao DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.10.04.1 AND openjdk-6-jre DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.10.04.1 AND openjdk-6-jre-headless DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.10.04.1 AND openjdk-6-jre-lib DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.10.04.1 AND openjdk-6-jre-zero DPKG is earlier than 0:6b31-1.13.3-1ubuntu1~0.10.04.1

Definition Id: oval:org.mitre.oval:def:24502

Oval ID:	oval:org.mitre.oval:def:24502
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0446	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24505

Oval ID:	oval:org.mitre.oval:def:24505
Title:	USN-2187-1 -- openjdk-7 vulnerabilities
Description:	Several security issues were fixed in OpenJDK 7.
Family:	unix	Class:	patch
Reference(s):	USN-2187-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0461 CVE-2014-2397 CVE-2014-2402 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0453 CVE-2014-0460 CVE-2014-0459 CVE-2014-1876 CVE-2014-2398 CVE-2014-2413 CVE-2014-2403	Version:	5
Platform(s):	Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section icedtea-7-jre-jamvm DPKG is earlier than 0:7u55-2.4.7-1ubuntu1 AND openjdk-7-jre DPKG is earlier than 0:7u55-2.4.7-1ubuntu1 AND openjdk-7-jre-headless DPKG is earlier than 0:7u55-2.4.7-1ubuntu1 AND openjdk-7-jre-lib DPKG is earlier than 0:7u55-2.4.7-1ubuntu1 AND openjdk-7-jre-zero DPKG is earlier than 0:7u55-2.4.7-1ubuntu1 AND Ubuntu 13.10 release section Ubuntu 13.10 is installed Packages match section icedtea-7-jre-jamvm DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.13.10.1 AND openjdk-7-jre DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.13.10.1 AND openjdk-7-jre-headless DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.13.10.1 AND openjdk-7-jre-lib DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.13.10.1 AND openjdk-7-jre-zero DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.13.10.1 AND Ubuntu 12.10 release section Ubuntu 12.10 is installed Packages match section icedtea-7-jre-cacao DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1 AND icedtea-7-jre-jamvm DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1 AND openjdk-7-jre DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1 AND openjdk-7-jre-headless DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1 AND openjdk-7-jre-lib DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1 AND openjdk-7-jre-zero DPKG is earlier than 0:7u55-2.4.7-1ubuntu1~0.12.10.1

Definition Id: oval:org.mitre.oval:def:24510

Oval ID:	oval:org.mitre.oval:def:24510
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2427	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24513

Oval ID:	oval:org.mitre.oval:def:24513
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via unknown vectors related to Deployment
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0449	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24518

Oval ID:	oval:org.mitre.oval:def:24518
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0455	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24520

Oval ID:	oval:org.mitre.oval:def:24520
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0457	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JRockit
Definition Synopsis:
Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1 AND JRockit R28 is installed OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0 Determine if the version of JRockit equals R27.8.1 AND JRockit R27 is installed OR Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24522

Oval ID:	oval:org.mitre.oval:def:24522
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0461	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24523

Oval ID:	oval:org.mitre.oval:def:24523
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2412	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24535

Oval ID:	oval:org.mitre.oval:def:24535
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0456	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24544

Oval ID:	oval:org.mitre.oval:def:24544
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2422	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JavaFX
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed OR Determine if the version of JavaFX equals 2.2.51 Determine if the version of JavaFX is less than 2.2.51 (JRE 1.7.0:update_6 and later) AND JavaFX 2.x is installed

Definition Id: oval:org.mitre.oval:def:24557

Oval ID:	oval:org.mitre.oval:def:24557
Title:	RHSA-2014:0414: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0414-00 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5852 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5905 CVE-2013-5906 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.6.0-sun
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.3.el5_10

Definition Id: oval:org.mitre.oval:def:24586

Oval ID:	oval:org.mitre.oval:def:24586
Title:	DEPRECATED: ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0413-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24587

Oval ID:	oval:org.mitre.oval:def:24587
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2414	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24591

Oval ID:	oval:org.mitre.oval:def:24591
Title:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting
Description:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0463	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24610

Oval ID:	oval:org.mitre.oval:def:24610
Title:	DEPRECATED: ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0414-00 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5852 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5905 CVE-2013-5906 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.6.0-sun
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24614

Oval ID:	oval:org.mitre.oval:def:24614
Title:	DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el6_5 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el7_0

Definition Id: oval:org.mitre.oval:def:24619

Oval ID:	oval:org.mitre.oval:def:24619
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0454	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24622

Oval ID:	oval:org.mitre.oval:def:24622
Title:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX
Description:	Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2410	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24623

Oval ID:	oval:org.mitre.oval:def:24623
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via vectors related to JAXP
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2403	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24636

Oval ID:	oval:org.mitre.oval:def:24636
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2423	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24641

Oval ID:	oval:org.mitre.oval:def:24641
Title:	RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0407-00 CESA-2014:0407 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el5_10

Definition Id: oval:org.mitre.oval:def:24646

Oval ID:	oval:org.mitre.oval:def:24646
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2409	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24649

Oval ID:	oval:org.mitre.oval:def:24649
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect integrity via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2413	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24652

Oval ID:	oval:org.mitre.oval:def:24652
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2428	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24662

Oval ID:	oval:org.mitre.oval:def:24662
Title:	ELSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0407-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el5_10 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el5_10

Definition Id: oval:org.mitre.oval:def:24666

Oval ID:	oval:org.mitre.oval:def:24666
Title:	RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0406-00 CESA-2014:0406 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.1.el6_5 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.1.el6_5

Definition Id: oval:org.mitre.oval:def:24672

Oval ID:	oval:org.mitre.oval:def:24672
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0429	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JRockit
Definition Synopsis:
Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1 AND JRockit R28 is installed OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0 Determine if the version of JRockit equals R27.8.1 AND JRockit R27 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_51 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_71 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_51 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:24676

Oval ID:	oval:org.mitre.oval:def:24676
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0451	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24686

Oval ID:	oval:org.mitre.oval:def:24686
Title:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0432	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24694

Oval ID:	oval:org.mitre.oval:def:24694
Title:	DSA-2980-1 -- openjdk-6 - security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the executionof arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2980-1 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268	Version:	5
Platform(s):	Debian GNU/Linux 7 Debian GNU/kFreeBSD 7	Product(s):	openjdk-6
Definition Synopsis:
Debian 7 Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 DPKG is earlier than 0:6b32-1.13.4-1~deb7u1

Definition Id: oval:org.mitre.oval:def:24709

Oval ID:	oval:org.mitre.oval:def:24709
Title:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0460	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment JRockit
Definition Synopsis:
Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1 AND JRockit R28 is installed OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0 Determine if the version of JRockit equals R27.8.1 AND JRockit R27 is installed OR Determine if the version of Java Runtime Environment equals 1.5.0:update_51 Determine if the version of Java Runtime Environment equals 1.5.0:update_51 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24719

Oval ID:	oval:org.mitre.oval:def:24719
Title:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0452	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment equals 1.6.0:update_71 Determine if the version of Java Runtime Environment equals 1.6.0:update_71 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment equals 1.7.0:update_51 Determine if the version of Java Runtime Environment equals 1.7.0:update_51 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Runtime Environment equals 1.8.0 Determine if the version of Java Runtime Environment equals 1.8.0 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24723

Oval ID:	oval:org.mitre.oval:def:24723
Title:	RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0413-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10

Definition Id: oval:org.mitre.oval:def:24729

Oval ID:	oval:org.mitre.oval:def:24729
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4208)
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4208	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24739

Oval ID:	oval:org.mitre.oval:def:24739
Title:	ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0414-00 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5852 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5905 CVE-2013-5906 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.6.0-sun
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.3.el5_10 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.3.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-sun-devel is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-src is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.75-1jpp.1.el6_5 AND java-1.6.0-sun is earlier than 1:1.6.0.75-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24751

Oval ID:	oval:org.mitre.oval:def:24751
Title:	DSA-2912-1 openjdk-6 - security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2912-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	openjdk-6
Definition Synopsis:
Debian 6.0 release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 DPKG is earlier than 0:6b31-1.13.3-1~deb6u1 AND Debian 7.x release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 DPKG is earlier than 0:6b31-1.13.3-1~deb7u1

Definition Id: oval:org.mitre.oval:def:24759

Oval ID:	oval:org.mitre.oval:def:24759
Title:	ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0413-00 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.2.el5_10 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.2.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.7.0-oracle-plugin is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.55-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.55-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24767

Oval ID:	oval:org.mitre.oval:def:24767
Title:	ELSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description:	IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0486-01 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.7.0-ibm
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.0-1jpp.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm is earlier than 1:1.7.0.7.0-1jpp.1.el6_5 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.0-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24794

Oval ID:	oval:org.mitre.oval:def:24794
Title:	RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Description:	IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0509-00 CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24806

Oval ID:	oval:org.mitre.oval:def:24806
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4262	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24827

Oval ID:	oval:org.mitre.oval:def:24827
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4268)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4268	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24828

Oval ID:	oval:org.mitre.oval:def:24828
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4218	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:24873

Oval ID:	oval:org.mitre.oval:def:24873
Title:	Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223)
Description:	Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4223	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:24880

Oval ID:	oval:org.mitre.oval:def:24880
Title:	RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0675-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	4
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
RHEL 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND Packages section java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.2.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.2.el7_0 OR CentOS 7 The operating system installed on the system is CentOS Linux 7.x AND java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.2.el7_0

Definition Id: oval:org.mitre.oval:def:24881

Oval ID:	oval:org.mitre.oval:def:24881
Title:	ELSA-2014:0509: java-1.5.0-ibm security update (Important)
Description:	IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0509-01 CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.5.0-ibm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.6-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.6-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24964

Oval ID:	oval:org.mitre.oval:def:24964
Title:	DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el5_10

Definition Id: oval:org.mitre.oval:def:24985

Oval ID:	oval:org.mitre.oval:def:24985
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483)
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2483	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:25066

Oval ID:	oval:org.mitre.oval:def:25066
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4263	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25092

Oval ID:	oval:org.mitre.oval:def:25092
Title:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219)
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4219	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25104

Oval ID:	oval:org.mitre.oval:def:25104
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4220)
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4220	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25136

Oval ID:	oval:org.mitre.oval:def:25136
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4209	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25149

Oval ID:	oval:org.mitre.oval:def:25149
Title:	Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4247)
Description:	Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4247	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25154

Oval ID:	oval:org.mitre.oval:def:25154
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-2490	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25160

Oval ID:	oval:org.mitre.oval:def:25160
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4216	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25185

Oval ID:	oval:org.mitre.oval:def:25185
Title:	ELSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description:	IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0508-01 CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-ibm
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 AND java-1.6.0-ibm is earlier than 1:1.6.0.16.0-1jpp.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.0-1jpp.1.el6_5 AND java-1.6.0-ibm is earlier than 1:1.6.0.16.0-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:25202

Oval ID:	oval:org.mitre.oval:def:25202
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266)
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4266	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25203

Oval ID:	oval:org.mitre.oval:def:25203
Title:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4265)
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4265	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25216

Oval ID:	oval:org.mitre.oval:def:25216
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264)
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4264	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25220

Oval ID:	oval:org.mitre.oval:def:25220
Title:	RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0685-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427	Version:	4
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
RHEL 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND Packages section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.3.el7_0 OR CentOS 7 The operating system installed on the system is CentOS Linux 7.x AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.3.el7_0

Definition Id: oval:org.mitre.oval:def:25224

Oval ID:	oval:org.mitre.oval:def:25224
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4244	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25249

Oval ID:	oval:org.mitre.oval:def:25249
Title:	RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.el5_10

Definition Id: oval:org.mitre.oval:def:25250

Oval ID:	oval:org.mitre.oval:def:25250
Title:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4227)
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4227	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25273

Oval ID:	oval:org.mitre.oval:def:25273
Title:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4252	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.5.0:update_66 Determine if the version of Java Development Kit is less than 1.5.0:update_66 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 Determine if the version of Java Runtime Environment is less than 1.5.0:update_66 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_76 Determine if the version of Java Development Kit is less than 1.6.0:update_76 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 Determine if the version of Java Runtime Environment is less than 1.6.0:update_76 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25281

Oval ID:	oval:org.mitre.oval:def:25281
Title:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221)
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4221	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_61 Determine if the version of Java Development Kit is less than 1.7.0:update_61 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 Determine if the version of Java Runtime Environment is less than 1.7.0:update_61 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.8.0:update_6 Determine if the version of Java Development Kit is less than 1.8.0:update_6 AND Java SE Development Kit 8 is installed OR Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 Determine if the version of Java Runtime Environment is less than 1.8.0:update_6 AND Java SE Runtime Environment 8 is installed

Definition Id: oval:org.mitre.oval:def:25312

Oval ID:	oval:org.mitre.oval:def:25312
Title:	RHSA-2014:0902: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0902-00 CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.7.0-oracle is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.65-1jpp.2.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-oracle is earlier than 1:1.7.0.65-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.65-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.65-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.65-1jpp.1.el6_5 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.65-1jpp.1.el6_5 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.65-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:25315

Oval ID:	oval:org.mitre.oval:def:25315
Title:	SUSE-SU-2014:0639-1 -- Security update for OpenJDK
Description:	This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0639-1 CVE-2014-2412 CVE-2014-2414 CVE-2014-0458 CVE-2014-2427 CVE-2014-2423 CVE-2014-2402 CVE-2014-2398 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0429 CVE-2014-2403 CVE-2014-0446 CVE-2014-0454 CVE-2013-6629 CVE-2014-0455 CVE-2014-2421 CVE-2014-0456 CVE-2014-0460 CVE-2014-0459 CVE-2013-6954 CVE-2014-0457 CVE-2014-2413 CVE-2014-1876 CVE-2014-2397 CVE-2014-0461	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	OpenJDK
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_7_0-openjdk RPM is earlier than 0:1.7.0.6-0.27.1 AND java-1_7_0-openjdk-demo RPM is earlier than 0:1.7.0.6-0.27.1 AND java-1_7_0-openjdk-devel RPM is earlier than 0:1.7.0.6-0.27.1

Definition Id: oval:org.mitre.oval:def:25358

Oval ID:	oval:org.mitre.oval:def:25358
Title:	RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0907-00 CESA-2014:0907 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el5_10 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el7_0

Definition Id: oval:org.mitre.oval:def:25428

Oval ID:	oval:org.mitre.oval:def:25428
Title:	RHSA-2014:0908: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0908-00 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.6.0-sun
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.6.0-sun is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND java-1.6.0-sun-src is earlier than 1:1.6.0.81-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-sun is earlier than 1:1.6.0.81-1jpp.1.el6_5 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.81-1jpp.1.el6_5 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.81-1jpp.1.el6_5 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.81-1jpp.1.el6_5 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.81-1jpp.1.el6_5 AND java-1.6.0-sun-src is earlier than 1:1.6.0.81-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:25605

Oval ID:	oval:org.mitre.oval:def:25605
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2398	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:25648

Oval ID:	oval:org.mitre.oval:def:25648
Title:	DSA-2987-1 -- openjdk-7 - security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2987-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268	Version:	5
Platform(s):	Debian GNU/Linux 7 Debian GNU/kFreeBSD 7	Product(s):	openjdk-7
Definition Synopsis:
Debian 7 Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-7 DPKG is earlier than 0:7u65-2.5.1-2~deb7u1

Definition Id: oval:org.mitre.oval:def:25679

Oval ID:	oval:org.mitre.oval:def:25679
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4209	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:25727

Oval ID:	oval:org.mitre.oval:def:25727
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2397	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:25797

Oval ID:	oval:org.mitre.oval:def:25797
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2421	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:25817

Oval ID:	oval:org.mitre.oval:def:25817
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2403	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:25891

Oval ID:	oval:org.mitre.oval:def:25891
Title:	USN-2312-1 -- openjdk-6 vulnerabilities
Description:	Several security issues were fixed in OpenJDK 6.
Family:	unix	Class:	patch
Reference(s):	USN-2312-1 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4252 CVE-2014-4268	Version:	3
Platform(s):	Ubuntu 12.04 Ubuntu 10.04	Product(s):	openjdk-6
Definition Synopsis:
Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section icedtea-6-jre-cacao DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND icedtea-6-jre-jamvm DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND openjdk-6-jre DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND openjdk-6-jre-headless DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND openjdk-6-jre-lib DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND openjdk-6-jre-zero DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.12.04.2 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section icedtea-6-jre-cacao DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.10.04.2 AND openjdk-6-jre DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.10.04.2 AND openjdk-6-jre-headless DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.10.04.2 AND openjdk-6-jre-lib DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.10.04.2 AND openjdk-6-jre-zero DPKG is earlier than 0:6b32-1.13.4-4ubuntu0.10.04.2

Definition Id: oval:org.mitre.oval:def:25939

Oval ID:	oval:org.mitre.oval:def:25939
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2402	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:25998

Oval ID:	oval:org.mitre.oval:def:25998
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4219	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26042

Oval ID:	oval:org.mitre.oval:def:26042
Title:	RHSA-2014:1041: java-1.7.0-ibm security update (Critical)
Description:	IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1041-00 CVE-2014-4208 CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 CVE-2014-4266	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.7.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.7.0-ibm is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.1-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-ibm is earlier than 1:1.7.0.7.1-1jpp.1.el6_5 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.7.1-1jpp.1.el6_5 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.7.1-1jpp.1.el6_5 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.7.1-1jpp.1.el6_5 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.7.1-1jpp.1.el6_5 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.7.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:26067

Oval ID:	oval:org.mitre.oval:def:26067
Title:	USN-2319-3 -- openjdk-7 update
Description:	This update provides stability updates for OpenJDK 7.
Family:	unix	Class:	patch
Reference(s):	USN-2319-3 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268	Version:	3
Platform(s):	Ubuntu 14.04	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.04 is installed Packages match section icedtea-7-jre-jamvm DPKG is earlier than 0:7u65-2.5.2-3~14.04 AND openjdk-7-jre DPKG is earlier than 0:7u65-2.5.2-3~14.04 AND openjdk-7-jre-headless DPKG is earlier than 0:7u65-2.5.2-3~14.04 AND openjdk-7-jre-lib DPKG is earlier than 0:7u65-2.5.2-3~14.04 AND openjdk-7-jre-zero DPKG is earlier than 0:7u65-2.5.2-3~14.04

Definition Id: oval:org.mitre.oval:def:26076

Oval ID:	oval:org.mitre.oval:def:26076
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4264	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26097

Oval ID:	oval:org.mitre.oval:def:26097
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0459	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26101

Oval ID:	oval:org.mitre.oval:def:26101
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4218	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26122

Oval ID:	oval:org.mitre.oval:def:26122
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0451	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26129

Oval ID:	oval:org.mitre.oval:def:26129
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0432	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26179

Oval ID:	oval:org.mitre.oval:def:26179
Title:	ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
Description:	[1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 5 Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el7_0

Definition Id: oval:org.mitre.oval:def:26182

Oval ID:	oval:org.mitre.oval:def:26182
Title:	SUSE-SU-2014:0961-1 -- Security update for openjdk
Description:	This Critical Patch Update contains 20 new security fixes for Oracle Java SE.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0961-1 CVE-2014-4227 CVE-2014-4219 CVE-2014-2490 CVE-2014-4216 CVE-2014-4247 CVE-2014-2483 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4265 CVE-2014-4220 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4268 CVE-2014-4264 CVE-2014-4221 CVE-2014-4244 CVE-2014-4263 CVE-2014-4208	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	openjdk
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_7_0-openjdk RPM is earlier than 0:1.7.0.65-0.7.4 AND java-1_7_0-openjdk-demo RPM is earlier than 0:1.7.0.65-0.7.4 AND java-1_7_0-openjdk-devel RPM is earlier than 0:1.7.0.65-0.7.4

Definition Id: oval:org.mitre.oval:def:26196

Oval ID:	oval:org.mitre.oval:def:26196
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2423	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26198

Oval ID:	oval:org.mitre.oval:def:26198
Title:	USN-2319-2 -- openjdk-7 regression
Description:	USN-2319-1 introduced a regression in OpenJDK 7.
Family:	unix	Class:	patch
Reference(s):	USN-2319-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268	Version:	3
Platform(s):	Ubuntu 14.04	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.04 is installed Packages match section icedtea-7-jre-jamvm DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.2 AND openjdk-7-jre DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.2 AND openjdk-7-jre-headless DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.2 AND openjdk-7-jre-lib DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.2 AND openjdk-7-jre-zero DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.2

Definition Id: oval:org.mitre.oval:def:26213

Oval ID:	oval:org.mitre.oval:def:26213
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4208	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26257

Oval ID:	oval:org.mitre.oval:def:26257
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0457	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26326

Oval ID:	oval:org.mitre.oval:def:26326
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0461	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26336

Oval ID:	oval:org.mitre.oval:def:26336
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0454	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26352

Oval ID:	oval:org.mitre.oval:def:26352
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0458	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26360

Oval ID:	oval:org.mitre.oval:def:26360
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2409	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26368

Oval ID:	oval:org.mitre.oval:def:26368
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0453	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26370

Oval ID:	oval:org.mitre.oval:def:26370
Title:	RHSA-2014:1036: java-1.5.0-ibm security update (Important)
Description:	IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP7 release. All running instances of IBM Java must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1036-00 CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.5.0-ibm is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.7-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.5.0-ibm is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.7-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.7-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:26379

Oval ID:	oval:org.mitre.oval:def:26379
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4262	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26407

Oval ID:	oval:org.mitre.oval:def:26407
Title:	RHSA-2014:1033: java-1.6.0-ibm security update (Critical)
Description:	IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1033-00 CVE-2014-4209 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section java-1.6.0-ibm is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.1-1jpp.1.el5_10 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-ibm is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.16.1-1jpp.1.el6_5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.16.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:26411

Oval ID:	oval:org.mitre.oval:def:26411
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0455	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26415

Oval ID:	oval:org.mitre.oval:def:26415
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0446	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26429

Oval ID:	oval:org.mitre.oval:def:26429
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2420	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26431

Oval ID:	oval:org.mitre.oval:def:26431
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2428	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26466

Oval ID:	oval:org.mitre.oval:def:26466
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0448	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26480

Oval ID:	oval:org.mitre.oval:def:26480
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4265	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26484

Oval ID:	oval:org.mitre.oval:def:26484
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2427	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26494

Oval ID:	oval:org.mitre.oval:def:26494
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0460	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26495

Oval ID:	oval:org.mitre.oval:def:26495
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2401	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26497

Oval ID:	oval:org.mitre.oval:def:26497
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4216	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26513

Oval ID:	oval:org.mitre.oval:def:26513
Title:	USN-2319-1 -- openjdk-7 vulnerabilities
Description:	Several security issues were fixed in OpenJDK 7.
Family:	unix	Class:	patch
Reference(s):	USN-2319-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268	Version:	3
Platform(s):	Ubuntu 14.04	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.04 is installed Packages match section icedtea-7-jre-jamvm DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.1 AND openjdk-7-jre DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.1 AND openjdk-7-jre-headless DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.1 AND openjdk-7-jre-lib DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.1 AND openjdk-7-jre-zero DPKG is earlier than 0:7u65-2.5.1-4ubuntu1~0.14.04.1

Definition Id: oval:org.mitre.oval:def:26524

Oval ID:	oval:org.mitre.oval:def:26524
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0456	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26534

Oval ID:	oval:org.mitre.oval:def:26534
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4227	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26545

Oval ID:	oval:org.mitre.oval:def:26545
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4221	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26557

Oval ID:	oval:org.mitre.oval:def:26557
Title:	SUSE-SU-2014:1055-1 -- Security update for IBM Java
Description:	java-1_6_0-ibm has been updated to fix several security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.1-0.3.1

Definition Id: oval:org.mitre.oval:def:26558

Oval ID:	oval:org.mitre.oval:def:26558
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0449	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26567

Oval ID:	oval:org.mitre.oval:def:26567
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2414	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26569

Oval ID:	oval:org.mitre.oval:def:26569
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0452	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26587

Oval ID:	oval:org.mitre.oval:def:26587
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2412	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26588

Oval ID:	oval:org.mitre.oval:def:26588
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4268	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26592

Oval ID:	oval:org.mitre.oval:def:26592
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4252	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26604

Oval ID:	oval:org.mitre.oval:def:26604
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4220	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26625

Oval ID:	oval:org.mitre.oval:def:26625
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2422	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26648

Oval ID:	oval:org.mitre.oval:def:26648
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2413	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26653

Oval ID:	oval:org.mitre.oval:def:26653
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0429	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26655

Oval ID:	oval:org.mitre.oval:def:26655
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4263	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26670

Oval ID:	oval:org.mitre.oval:def:26670
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2483	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26676

Oval ID:	oval:org.mitre.oval:def:26676
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4244	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00 AND Jdk70.JDK70-COM version is less than 1.7.0.10.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.10.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-COM version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.10.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.10.00

Definition Id: oval:org.mitre.oval:def:26705

Oval ID:	oval:org.mitre.oval:def:26705
Title:	SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0
Description:	IBM Java 1.7.0 has been updated to fix 14 security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java 1.7.0
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr7.1-0.5.1

Definition Id: oval:org.mitre.oval:def:26716

Oval ID:	oval:org.mitre.oval:def:26716
Title:	ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
Description:	[1:1.7.0.65-2.5.3.1.0.1.el7_0] - Update DISTRO_NAME in specfile [1:1.7.0.65-2.5.3.1] - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz#1148893
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0

Definition Id: oval:org.mitre.oval:def:26717

Oval ID:	oval:org.mitre.oval:def:26717
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4266	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26720

Oval ID:	oval:org.mitre.oval:def:26720
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4223	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26723

Oval ID:	oval:org.mitre.oval:def:26723
Title:	HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-2490	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.23.00 AND Jdk60.JDK60-COM version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.23.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.23.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.23.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.23.00 AND Jre60.JRE60-COM version is less than 1.6.0.23.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.23.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.23.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.23.00

Definition Id: oval:org.mitre.oval:def:26796

Oval ID:	oval:org.mitre.oval:def:26796
Title:	ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
Description:	[1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11

Definition Id: oval:org.mitre.oval:def:26866

Oval ID:	oval:org.mitre.oval:def:26866
Title:	DEPRECATED: SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0
Description:	IBM Java 1.7.0 has been updated to fix 14 security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java 1.7.0
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr7.1-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr7.1-0.5.1

Definition Id: oval:org.mitre.oval:def:26915

Oval ID:	oval:org.mitre.oval:def:26915
Title:	RHSA-2014:1657: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1657-00 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.2.el6 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.2.el7

Definition Id: oval:org.mitre.oval:def:26947

Oval ID:	oval:org.mitre.oval:def:26947
Title:	RHSA-2014:1636: java-1.8.0-openjdk security update (Important)
Description:	The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-6562) Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges. (CVE-2014-6468) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1636-00 CVE-2014-6457 CVE-2014-6468 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6562 CESA-2014:1636	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	java-1.8.0-openjdk
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section java-1.8.0-openjdk is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-demo is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-devel is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-headless is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-javadoc is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-src is earlier than 0:1.8.0.25-1.b17.el6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND java-1.8.0-openjdk-debuginfo is earlier than 0:1.8.0.25-1.b17.el6

Definition Id: oval:org.mitre.oval:def:26967

Oval ID:	oval:org.mitre.oval:def:26967
Title:	DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java
Description:	java-1_6_0-ibm has been updated to fix several security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr16.1-0.3.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr16.1-0.3.1

Definition Id: oval:org.mitre.oval:def:26995

Oval ID:	oval:org.mitre.oval:def:26995
Title:	ELSA-2014-0890 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.0.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.0.1.el5_10 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.0.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.0.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.0.1.el5_10

Definition Id: oval:org.mitre.oval:def:27028

Oval ID:	oval:org.mitre.oval:def:27028
Title:	USN-2388-2 -- OpenJDK 7 vulnerabilities
Description:	USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6527">CVE-2014-6527</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>)
Family:	unix	Class:	patch
Reference(s):	USN-2388-2 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6527 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513	Version:	3
Platform(s):	Ubuntu 14.10	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.10 is installed Packages match section openjdk-7-jre-lib is earlier than 0:7u71-2.5.3-0ubuntu1 AND openjdk-7-jre-zero is earlier than 0:7u71-2.5.3-0ubuntu1 AND icedtea-7-jre-jamvm is earlier than 0:7u71-2.5.3-0ubuntu1 AND openjdk-7-jre-headless is earlier than 0:7u71-2.5.3-0ubuntu1 AND openjdk-7-jre is earlier than 0:7u71-2.5.3-0ubuntu1

Definition Id: oval:org.mitre.oval:def:27029

Oval ID:	oval:org.mitre.oval:def:27029
Title:	ELSA-2014-0685 -- java-1.6.0-openjdk security update (important)
Description:	[1:1.6.0.1-6.1.13.3] - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15_apr_2014 - renmoved upstreamed patch7, 1.13_fixes.patch - renmoved upstreamed patch9, 1051245.patch - Resolves: rhbz#1099563
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0685 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453	Version:	5
Platform(s):	Oracle Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Oracle Linux 7.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.3.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.3.el7_0

Definition Id: oval:org.mitre.oval:def:27068

Oval ID:	oval:org.mitre.oval:def:27068
Title:	RHSA-2014:1658: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1658-00 CVE-2014-4288 CVE-2014-6457 CVE-2014-6458 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7	Product(s):	java-1.6.0-sun
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.2.el6 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.2.el7

Definition Id: oval:org.mitre.oval:def:27128

Oval ID:	oval:org.mitre.oval:def:27128
Title:	USN-2386-1 -- OpenJDK 6 vulnerabilities
Description:	A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>)
Family:	unix	Class:	patch
Reference(s):	USN-2386-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513	Version:	3
Platform(s):	Ubuntu 12.04 Ubuntu 10.04	Product(s):	openjdk-6
Definition Synopsis:
Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section icedtea-6-jre-cacao is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND icedtea-6-jre-jamvm is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND openjdk-6-jre is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND openjdk-6-jre-headless is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND openjdk-6-jre-zero is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND openjdk-6-jre-lib is earlier than 0:6b33-1.13.5-1ubuntu0.12.04 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section openjdk-6-jre-headless is earlier than 0:6b33-1.13.5-1ubuntu0.10.04 AND openjdk-6-jre-lib is earlier than 0:6b33-1.13.5-1ubuntu0.10.04 AND icedtea-6-jre-cacao is earlier than 0:6b33-1.13.5-1ubuntu0.10.04 AND openjdk-6-jre is earlier than 0:6b33-1.13.5-1ubuntu0.10.04 AND openjdk-6-jre-zero is earlier than 0:6b33-1.13.5-1ubuntu0.10.04

Definition Id: oval:org.mitre.oval:def:27141

Oval ID:	oval:org.mitre.oval:def:27141
Title:	ELSA-2014-0889 -- java-1.7.0-openjdk security update (critical)
Description:	[1.7.0.65-2.5.1.2.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115874 [1.7.0.65-2.5.1.1.el6] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115874 [1.7.0.60-2.5.0.1.el6] - update to icedtea7-forest 2.5.0 - Resolves: rhbz#1115874
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	5
Platform(s):	Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.0.1.el6_5 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.0.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.0.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.0.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.0.1.el6_5 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.65-2.5.1.2.0.1.el7_0

Definition Id: oval:org.mitre.oval:def:27144

Oval ID:	oval:org.mitre.oval:def:27144
Title:	RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1633-00 CESA-2014:1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el5_11

Definition Id: oval:org.mitre.oval:def:27150

Oval ID:	oval:org.mitre.oval:def:27150
Title:	RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1620-00 CESA-2014:1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el6

Definition Id: oval:org.mitre.oval:def:27157

Oval ID:	oval:org.mitre.oval:def:27157
Title:	RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1634-00 CESA-2014:1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el6_6

Definition Id: oval:org.mitre.oval:def:27170

Oval ID:	oval:org.mitre.oval:def:27170
Title:	USN-2388-1 -- OpenJDK 7 vulnerabilities
Description:	A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6457">CVE-2014-6457</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6502">CVE-2014-6502</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6512">CVE-2014-6512</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6519">CVE-2014-6519</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6527">CVE-2014-6527</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6558">CVE-2014-6558</a>) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6504">CVE-2014-6504</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6511">CVE-2014-6511</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6517">CVE-2014-6517</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6531">CVE-2014-6531</a>) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6506">CVE-2014-6506</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6513">CVE-2014-6513</a>)
Family:	unix	Class:	patch
Reference(s):	USN-2388-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6512 CVE-2014-6519 CVE-2014-6527 CVE-2014-6558 CVE-2014-6504 CVE-2014-6511 CVE-2014-6517 CVE-2014-6531 CVE-2014-6506 CVE-2014-6513	Version:	3
Platform(s):	Ubuntu 14.04	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 14.04 is installed Packages match section openjdk-7-jre-lib is earlier than 0:7u71-2.5.3-0ubuntu0.14.04.1 AND openjdk-7-jre-zero is earlier than 0:7u71-2.5.3-0ubuntu0.14.04.1 AND icedtea-7-jre-jamvm is earlier than 0:7u71-2.5.3-0ubuntu0.14.04.1 AND openjdk-7-jre-headless is earlier than 0:7u71-2.5.3-0ubuntu0.14.04.1 AND openjdk-7-jre is earlier than 0:7u71-2.5.3-0ubuntu0.14.04.1

Definition Id: oval:org.mitre.oval:def:27224

Oval ID:	oval:org.mitre.oval:def:27224
Title:	ELSA-2014-1636 -- java-1.8.0-openjdk security update (important)
Description:	[1:1.8.0.25-1.b17] - Update to October CPU patch update. - Resolves: RHBZ#1148896
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1636 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6468 CVE-2014-6562	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	java-1.8.0-openjdk
Definition Synopsis:
Oracle Linux 6.x Packages match section java-1.8.0-openjdk is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-demo is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-devel is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-headless is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-javadoc is earlier than 0:1.8.0.25-1.b17.el6 AND java-1.8.0-openjdk-src is earlier than 0:1.8.0.25-1.b17.el6

Definition Id: oval:org.mitre.oval:def:27331

Oval ID:	oval:org.mitre.oval:def:27331
Title:	ELSA-2014-0675 -- java-1.7.0-openjdk security update (critical)
Description:	[1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but notused as default (6.6 forward port) - Resolves: rhbz#1099565
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0675 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453	Version:	5
Platform(s):	Oracle Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 7.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.55-2.4.7.2.0.1.el7_0

Definition Id: oval:org.mitre.oval:def:27342

Oval ID:	oval:org.mitre.oval:def:27342
Title:	ELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update (important)
Description:	[1:1.6.0.1-6.1.13.4] - moved to icedteaver 1.13.4 - moved to openjdkver b32 and openjdkdate 15_jul_2014 - added upstreamed patch patch9 rh1115580-unsyncHashMap.patch - Resolves: rhbz#1115580 - Resolves: rhbz#1115867
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0907 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266	Version:	5
Platform(s):	Oracle Linux 5 Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.0.1.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.0.1.el5_10 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.0.1.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.0.1.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.0.1.el5_10 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el6_5 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-6.1.13.4.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-6.1.13.4.el7_0

Definition Id: oval:org.mitre.oval:def:27728

Oval ID:	oval:org.mitre.oval:def:27728
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6527	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27749

Oval ID:	oval:org.mitre.oval:def:27749
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6466	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27911

Oval ID:	oval:org.mitre.oval:def:27911
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6458	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27929

Oval ID:	oval:org.mitre.oval:def:27929
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6513	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27938

Oval ID:	oval:org.mitre.oval:def:27938
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6492	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27945

Oval ID:	oval:org.mitre.oval:def:27945
Title:	HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70 version is less than 1.7.0.11.00 AND Jdk70.JDK70-COM version is less than 1.7.0.11.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.11.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.11.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.11.00 AND Jre70.JRE70 version is less than 1.7.0.11.00 AND Jre70.JRE70-COM version is less than 1.7.0.11.00 AND Jre70.JRE70-COM-DOC version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.11.00

Definition Id: oval:org.mitre.oval:def:27962

Oval ID:	oval:org.mitre.oval:def:27962
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6562	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:27963

Oval ID:	oval:org.mitre.oval:def:27963
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6531	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28001

Oval ID:	oval:org.mitre.oval:def:28001
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6512	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28025

Oval ID:	oval:org.mitre.oval:def:28025
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6476	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28097

Oval ID:	oval:org.mitre.oval:def:28097
Title:	SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important)
Description:	java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues. These security issues were fixed: - Unspecified vulnerability in Oracle Java (CVE-2014-3065). - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1549-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6513 CVE-2014-6456 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6503 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6506 CVE-2014-6527 CVE-2014-6476 CVE-2014-6515 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558	Version:	3
Platform(s):	SUSE Linux Enterprise Server 12	Product(s):	java-1_7_1-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 12 is installed Packages match section java-1_7_1-ibm-alsa is earlier than 0:1.7.1_sr2.0-4.1 AND java-1_7_1-ibm-plugin is earlier than 0:1.7.1_sr2.0-4.1

Definition Id: oval:org.mitre.oval:def:28155

Oval ID:	oval:org.mitre.oval:def:28155
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6503	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28214

Oval ID:	oval:org.mitre.oval:def:28214
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6558	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28228

Oval ID:	oval:org.mitre.oval:def:28228
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6502	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28236

Oval ID:	oval:org.mitre.oval:def:28236
Title:	DSA-3077-1 -- openjdk-6 security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-3077-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openjdk-6
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 is earlier than 0:6b33-1.13.5-2~deb7u1

Definition Id: oval:org.mitre.oval:def:28277

Oval ID:	oval:org.mitre.oval:def:28277
Title:	SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK (moderate)
Description:	Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1392-1 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6468 CVE-2014-6476 CVE-2014-6485 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-6562	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	Java OpenJDK
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_7_0-openjdk is earlier than 0:1.7.0.71-0.7.1 AND java-1_7_0-openjdk-demo is earlier than 0:1.7.0.71-0.7.1 AND java-1_7_0-openjdk-devel is earlier than 0:1.7.0.71-0.7.1

Definition Id: oval:org.mitre.oval:def:28284

Oval ID:	oval:org.mitre.oval:def:28284
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6511	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28322

Oval ID:	oval:org.mitre.oval:def:28322
Title:	SUSE-SU-2014:1526-1 -- Security update for IBM Java (important)
Description:	java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1526-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6506 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558 CVE-2014-6513 CVE-2014-6503 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6515 CVE-2014-6456 CVE-2014-6476 CVE-2014-6527	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_6_0-ibm-fonts is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_6_0-ibm-jdbc is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_7_0-ibm is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_7_0-ibm-jdbc is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_6_0-ibm-plugin is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_7_0-ibm-alsa is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_7_0-ibm-plugin is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_6_0-ibm-alsa is earlier than 0:1.6.0_sr16.2-0.3.1

Definition Id: oval:org.mitre.oval:def:28325

Oval ID:	oval:org.mitre.oval:def:28325
Title:	SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk (important)
Description:	OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues and bugs. * Security: - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker method lookup. - S8036810: Correct linker field lookup - S8036936: Use local locales - S8037066, CVE-2014-6457: Secure transport layer - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams - S8038364: Use certificate exceptions correctly - S8038899: Safer safepoints - S8038903: More native monitor monitoring - S8038908: Make Signature more robust - S8038913: Bolster XML support - S8039509, CVE-2014-6512: Wrap sockets more thoroughly - S8039533, CVE-2014-6517: Higher resolution resolvers - S8041540, CVE-2014-6511: Better use of pages in font processing - S8041529: Better parameterization of parameter lists - S8041545: Better validation of generated rasters - S8041564, CVE-2014-6506: Improved management of logger resources - S8041717, CVE-2014-6519: Issue with class file parser - S8042609, CVE-2014-6513: Limit splashiness of splash images - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord - S8044274, CVE-2014-6531: Proper property processing
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1422-1 CVE-2014-6504 CVE-2014-6457 CVE-2014-6558 CVE-2014-6512 CVE-2014-6517 CVE-2014-6511 CVE-2014-6506 CVE-2014-6519 CVE-2014-6513 CVE-2014-6502 CVE-2014-6531	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	java-1_7_0-openjdk
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section java-1_7_0-openjdk is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-debuginfo is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-debugsource is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-headless is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-headless-debuginfo is earlier than 0:1.7.0.71-6.2

Definition Id: oval:org.mitre.oval:def:28342

Oval ID:	oval:org.mitre.oval:def:28342
Title:	DSA-3080-1 -- openjdk-7 security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-3080-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openjdk-7
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-7 is earlier than 0:7u71-2.5.3-2~deb7u1

Definition Id: oval:org.mitre.oval:def:28346

Oval ID:	oval:org.mitre.oval:def:28346
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6515	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28350

Oval ID:	oval:org.mitre.oval:def:28350
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6531	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28355

Oval ID:	oval:org.mitre.oval:def:28355
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6506	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28367

Oval ID:	oval:org.mitre.oval:def:28367
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6493	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28400

Oval ID:	oval:org.mitre.oval:def:28400
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6457	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28409

Oval ID:	oval:org.mitre.oval:def:28409
Title:	DSA-2987-2 -- openjdk-7 regression update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2987-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openjdk-7
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-7 is earlier than 0:7u65-2.5.1-2~deb7u1

Definition Id: oval:org.mitre.oval:def:28424

Oval ID:	oval:org.mitre.oval:def:28424
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6532	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28431

Oval ID:	oval:org.mitre.oval:def:28431
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28526

Oval ID:	oval:org.mitre.oval:def:28526
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6458	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28550

Oval ID:	oval:org.mitre.oval:def:28550
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6512	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28559

Oval ID:	oval:org.mitre.oval:def:28559
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6502	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28566

Oval ID:	oval:org.mitre.oval:def:28566
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6476	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28619

Oval ID:	oval:org.mitre.oval:def:28619
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6558	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28662

Oval ID:	oval:org.mitre.oval:def:28662
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6511	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28697

Oval ID:	oval:org.mitre.oval:def:28697
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6456	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28729

Oval ID:	oval:org.mitre.oval:def:28729
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6485	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28740

Oval ID:	oval:org.mitre.oval:def:28740
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6493	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28746

Oval ID:	oval:org.mitre.oval:def:28746
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6504	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28763

Oval ID:	oval:org.mitre.oval:def:28763
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6515	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28784

Oval ID:	oval:org.mitre.oval:def:28784
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6527	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28827

Oval ID:	oval:org.mitre.oval:def:28827
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6503	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28841

Oval ID:	oval:org.mitre.oval:def:28841
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6457	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28845

Oval ID:	oval:org.mitre.oval:def:28845
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6513	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28864

Oval ID:	oval:org.mitre.oval:def:28864
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6468	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28899

Oval ID:	oval:org.mitre.oval:def:28899
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6519	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28903

Oval ID:	oval:org.mitre.oval:def:28903
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6466	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28914

Oval ID:	oval:org.mitre.oval:def:28914
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28940

Oval ID:	oval:org.mitre.oval:def:28940
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6532	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28961

Oval ID:	oval:org.mitre.oval:def:28961
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6506	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28970

Oval ID:	oval:org.mitre.oval:def:28970
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6517	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:29011

Oval ID:	oval:org.mitre.oval:def:29011
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6492	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Juniper Junos Space cpe:2.3:a:juniper:junos_space:14.1:r1:::::: cpe:2.3:a:juniper:junos_space:14.1:r2:::::: cpe:2.3:a:juniper:junos_space:14.1:r3:::::: cpe:2.3:a:juniper:junos_space:14.1:-:::::: cpe:2.3:a:juniper:junos_space:13.3:r2:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.3:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.5:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.7:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.1:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.2:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.4:::::: cpe:2.3:a:juniper:junos_space:13.3:r1.6:::::: cpe:2.3:a:juniper:junos_space:13.3:r4:::::: cpe:2.3:a:juniper:junos_space:13.3:r1:::::: cpe:2.3:a:juniper:junos_space:13.3:r3:::::: cpe:2.3:a:juniper:junos_space:13.1:r1.8:::::: cpe:2.3:a:juniper:junos_space:13.1:-:::::: cpe:2.3:a:juniper:junos_space:12.3:::::::* cpe:2.3:a:juniper:junos_space:12.2:::::::* cpe:2.3:a:juniper:junos_space:12.1:::::::* cpe:2.3:a:juniper:junos_space:11.4:::::::* cpe:2.3:a:juniper:junos_space:11.3:::::::* cpe:2.3:a:juniper:junos_space:11.2:::::::* cpe:2.3:a:juniper:junos_space:11.1:::::::* cpe:2.3:a:juniper:junos_space:2.0:::::::* cpe:2.3:a:juniper:junos_space:1.4:::::::* cpe:2.3:a:juniper:junos_space:1.3:::::::* cpe:2.3:a:juniper:junos_space:1.2:::::::* cpe:2.3:a:juniper:junos_space:1.1:::::::* cpe:2.3:a:juniper:junos_space:1.0:::::::* cpe:2.3:a:juniper:junos_space::::::::	31
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:-:::::::*	1
Application	Oracle Javafx cpe:2.3:a:oracle:javafx:2.2.51:::::::*	1
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.8.0:-:::::: cpe:2.3:a:oracle:jdk:1.8.0:update20:::::: cpe:2.3:a:oracle:jdk:1.8.0:update5:::::: cpe:2.3:a:oracle:jdk:1.7.0:update67:::::: cpe:2.3:a:oracle:jdk:1.7.0:update60:::::: cpe:2.3:a:oracle:jdk:1.7.0:update51:::::: cpe:2.3:a:oracle:jdk:1.6.0:update81:::::: cpe:2.3:a:oracle:jdk:1.6.0:update75:::::: cpe:2.3:a:oracle:jdk:1.6.0:update71:::::: cpe:2.3:a:oracle:jdk:1.5.0:update_71:::::: cpe:2.3:a:oracle:jdk:1.5.0:update61:::::: cpe:2.3:a:oracle:jdk:1.5.0:update65::::::	12
Application	Oracle Jre cpe:2.3:a:oracle:jre:1.8.0:update_20:::::: cpe:2.3:a:oracle:jre:1.8.0:-:::::: cpe:2.3:a:oracle:jre:1.8.0:update5:::::: cpe:2.3:a:oracle:jre:1.7.0:update_67:::::: cpe:2.3:a:oracle:jre:1.7.0:update60:::::: cpe:2.3:a:oracle:jre:1.7.0:update51:::::: cpe:2.3:a:oracle:jre:1.6.0:update_81:::::: cpe:2.3:a:oracle:jre:1.6.0:update71:::::: cpe:2.3:a:oracle:jre:1.6.0:update75:::::: cpe:2.3:a:oracle:jre:1.5.0:update_71:::::: cpe:2.3:a:oracle:jre:1.5.0:update61:::::: cpe:2.3:a:oracle:jre:1.5.0:update65::::::	12
Application	Oracle Jrockit cpe:2.3:a:oracle:jrockit:r28.3.3:::::::* cpe:2.3:a:oracle:jrockit:r28.3.2:::::::* cpe:2.3:a:oracle:jrockit:r28.3.1:::::::* cpe:2.3:a:oracle:jrockit:r27.8.3:::::::* cpe:2.3:a:oracle:jrockit:r27.8.2:::::::* cpe:2.3:a:oracle:jrockit:r27.8.1:::::::*	6
Application	Oracle Openjdk cpe:2.3:a:oracle:openjdk:1.7.0:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	5
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::* cpe:2.3:o:debian:debian_linux:6.0:::::::*	3
Os	Hp Hp-Ux cpe:2.3:o:hp:hp-ux:b.11.31:::::::* cpe:2.3:o:hp:hp-ux:b.11.23:::::::*	2
Os	Juniper Junos Space cpe:2.3:o:juniper:junos_space:14.1:r2:::::: cpe:2.3:o:juniper:junos_space:14.1:r1:::::: cpe:2.3:o:juniper:junos_space:14.1:r3:::::: cpe:2.3:o:juniper:junos_space:13.3:r1:::::: cpe:2.3:o:juniper:junos_space:13.3:r2:::::: cpe:2.3:o:juniper:junos_space:-:::::::*	6
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:5:::::::*	3

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-01-22	IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213
2014-07-17	IAVM : 2014-A-0105 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0053191
2014-04-17	IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583

Snort® IPS/IDS

Date	Description
2019-07-23	Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50460 - Revision : 1 - Type : FILE-JAVA
2019-07-23	Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50459 - Revision : 1 - Type : FILE-JAVA
2016-03-22	Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Revision : 3 - Type : FILE-JAVA
2016-03-22	Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Revision : 4 - Type : FILE-JAVA
2016-03-15	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37665 - Revision : 3 - Type : FILE-JAVA
2016-03-15	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37664 - Revision : 4 - Type : FILE-JAVA
2016-03-14	Oracle Java System.arraycopy race condition attempt RuleID : 36240 - Revision : 2 - Type : FILE-JAVA
2016-03-14	Oracle Java System.arraycopy race condition attempt RuleID : 36239 - Revision : 2 - Type : FILE-JAVA
2014-11-19	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32235 - Revision : 6 - Type : FILE-JAVA
2014-11-19	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32234 - Revision : 7 - Type : FILE-JAVA
2014-11-19	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32233 - Revision : 6 - Type : FILE-JAVA
2014-11-19	Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32232 - Revision : 7 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date	Description
2016-06-23	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1422-1.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-107.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO
2015-03-17	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-03-12	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2014-12-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-46.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO
2014-12-12	Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3080.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3077.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0908.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0902.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1657.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1658.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-27	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-209.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-2.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-1.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-430.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-431.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2386-1.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-383.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-387.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-3.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-08-29	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO
2014-08-26	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-2.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_jul2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140815.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_331.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140815.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-1.nasl - Type : ACT_GATHER_INFO
2014-08-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2312-1.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1041.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1042.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1033.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1036.nasl - Type : ACT_GATHER_INFO
2014-08-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140721.nasl - Type : ACT_GATHER_INFO
2014-08-04	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO
2014-08-01	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-141.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO
2014-07-29	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-28	Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-07-26	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2987.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-07-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2980.nasl - Type : ACT_GATHER_INFO
2014-07-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO
2014-07-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140721_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-07-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jul_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-03	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO
2014-06-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO
2014-05-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-100.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO
2014-05-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO
2014-05-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO
2014-05-14	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO
2014-05-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO
2014-05-02	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2191-1.nasl - Type : ACT_GATHER_INFO
2014-05-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2187-1.nasl - Type : ACT_GATHER_INFO
2014-04-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2912.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-326.nasl - Type : ACT_GATHER_INFO
2014-04-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-327.nasl - Type : ACT_GATHER_INFO
2014-04-18	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO
2014-04-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris10_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris8_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris9_x86_125138.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris10_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris10_x86_118668.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris8_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris8_x86_118668.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris9_118666.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris9_x86_118668.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-02-17 13:25:09	Multiple Updates
2015-02-15 17:21:32	First insertion

Global Informations

Type	Count
Oval ID(s)	222
CPE ID(s)	83
IAVM(s)	3
Snort® Rule(s)	12
Nessus® Exploit(s)	161

	Related
10	CVE-2014-6513
10	CVE-2014-4227
10	CVE-2014-2421
10	CVE-2014-0457
10	CVE-2014-0456
10	CVE-2014-0429
9.3	CVE-2014-6562
9.3	CVE-2014-6532
9.3	CVE-2014-6503
9.3	CVE-2014-6485
9.3	CVE-2014-6456
9.3	CVE-2014-4262
9.3	CVE-2014-4247
9.3	CVE-2014-4223
9.3	CVE-2014-4219
9.3	CVE-2014-4216
9.3	CVE-2014-2490
9.3	CVE-2014-2483
9.3	CVE-2014-2410
9.3	CVE-2014-2397
9.3	CVE-2014-0461
9.3	CVE-2014-0455
9.3	CVE-2014-0432
7.6	CVE-2014-6493
7.6	CVE-2014-6492
7.6	CVE-2014-4288
7.6	CVE-2014-2428
7.6	CVE-2014-0448
7.5	CVE-2014-2427
7.5	CVE-2014-2423
7.5	CVE-2014-2414
7.5	CVE-2014-2412
7.5	CVE-2014-2402
7.5	CVE-2014-0458
7.5	CVE-2014-0454
7.5	CVE-2014-0452
7.5	CVE-2014-0451
7.5	CVE-2014-0446
6.9	CVE-2014-6466
6.9	CVE-2014-6458
6.8	CVE-2014-6506
6.8	CVE-2014-6468
6.8	CVE-2014-2422
6.4	CVE-2014-4209
6.4	CVE-2014-2409
5.8	CVE-2014-0460
5	CVE-2014-6519
5	CVE-2014-6517
5	CVE-2014-6515
5	CVE-2014-6511
5	CVE-2014-6504
5	CVE-2014-6476
5	CVE-2014-4268
5	CVE-2014-4266
5	CVE-2014-4265
5	CVE-2014-4264
5	CVE-2014-4252
5	CVE-2014-4220
5	CVE-2014-4218
5	CVE-2014-2403
5	CVE-2014-2401
5	CVE-2014-0449
4.3	CVE-2014-6531
4.3	CVE-2014-6512
4.3	CVE-2014-4221
4.3	CVE-2014-2413
4.3	CVE-2014-0464
4.3	CVE-2014-0463
4.3	CVE-2014-0459
4	CVE-2014-6457
4	CVE-2014-4263
4	CVE-2014-4244
4	CVE-2014-0453
3.5	CVE-2014-2398
2.6	CVE-2014-6558
2.6	CVE-2014-6527
2.6	CVE-2014-6502
2.6	CVE-2014-4208
2.6	CVE-2014-2420
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 79 more Alert(s)

10 - GLSA-201502-12

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU