Executive Summary

Summary
Title Oracle JRE/JDK: Multiple vulnerabilities
Informations
Name GLSA-201502-12 First vendor Publication 2015-02-15
Vendor Gentoo Last vendor Modification 2015-02-15
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code.

Background

Oracle's Java SE Development Kit and Runtime Environment

Description

Multiple vulnerabilities have been discovered in Oracle's Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.

Workaround

There is no known workaround at this time.

Resolution

All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"

All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"

All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"

References

[ 1 ] CVE-2014-0429 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 2 ] CVE-2014-0432 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432
[ 3 ] CVE-2014-0446 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 4 ] CVE-2014-0448 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448
[ 5 ] CVE-2014-0449 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449
[ 6 ] CVE-2014-0451 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 7 ] CVE-2014-0452 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 8 ] CVE-2014-0453 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 9 ] CVE-2014-0454 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454
[ 10 ] CVE-2014-0455 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455
[ 11 ] CVE-2014-0456 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 12 ] CVE-2014-0457 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 13 ] CVE-2014-0458 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 14 ] CVE-2014-0459 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 15 ] CVE-2014-0460 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 16 ] CVE-2014-0461 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 17 ] CVE-2014-0463 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463
[ 18 ] CVE-2014-0464 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464
[ 19 ] CVE-2014-2397 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 20 ] CVE-2014-2398 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 21 ] CVE-2014-2401 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401
[ 22 ] CVE-2014-2402 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402
[ 23 ] CVE-2014-2403 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 24 ] CVE-2014-2409 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409
[ 25 ] CVE-2014-2410 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410
[ 26 ] CVE-2014-2412 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 27 ] CVE-2014-2413 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413
[ 28 ] CVE-2014-2414 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 29 ] CVE-2014-2420 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420
[ 30 ] CVE-2014-2421 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 31 ] CVE-2014-2422 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422
[ 32 ] CVE-2014-2423 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 33 ] CVE-2014-2427 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
[ 34 ] CVE-2014-2428 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428
[ 35 ] CVE-2014-2483 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483
[ 36 ] CVE-2014-2490 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490
[ 37 ] CVE-2014-4208 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208
[ 38 ] CVE-2014-4209 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209
[ 39 ] CVE-2014-4216 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216
[ 40 ] CVE-2014-4218 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218
[ 41 ] CVE-2014-4219 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219
[ 42 ] CVE-2014-4220 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220
[ 43 ] CVE-2014-4221 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221
[ 44 ] CVE-2014-4223 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223
[ 45 ] CVE-2014-4227 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227
[ 46 ] CVE-2014-4244 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244
[ 47 ] CVE-2014-4247 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247
[ 48 ] CVE-2014-4252 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252
[ 49 ] CVE-2014-4262 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262
[ 50 ] CVE-2014-4263 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263
[ 51 ] CVE-2014-4264 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264
[ 52 ] CVE-2014-4265 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265
[ 53 ] CVE-2014-4266 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266
[ 54 ] CVE-2014-4268 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268
[ 55 ] CVE-2014-4288 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288
[ 56 ] CVE-2014-6456 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456
[ 57 ] CVE-2014-6457 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457
[ 58 ] CVE-2014-6458 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458
[ 59 ] CVE-2014-6466 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466
[ 60 ] CVE-2014-6468 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468
[ 61 ] CVE-2014-6476 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476
[ 62 ] CVE-2014-6485 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485
[ 63 ] CVE-2014-6492 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492
[ 64 ] CVE-2014-6493 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493
[ 65 ] CVE-2014-6502 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502
[ 66 ] CVE-2014-6503 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503
[ 67 ] CVE-2014-6504 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504
[ 68 ] CVE-2014-6506 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506
[ 69 ] CVE-2014-6511 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511
[ 70 ] CVE-2014-6512 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512
[ 71 ] CVE-2014-6513 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513
[ 72 ] CVE-2014-6515 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515
[ 73 ] CVE-2014-6517 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517
[ 74 ] CVE-2014-6519 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519
[ 75 ] CVE-2014-6527 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527
[ 76 ] CVE-2014-6531 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531
[ 77 ] CVE-2014-6532 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532
[ 78 ] CVE-2014-6558 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558
[ 79 ] CVE-2014-6562 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201502-12.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201502-12.xml

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23781
 
Oval ID: oval:org.mitre.oval:def:23781
Title: DEPRECATED: ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23870
 
Oval ID: oval:org.mitre.oval:def:23870
Title: RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0486-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23968
 
Oval ID: oval:org.mitre.oval:def:23968
Title: DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23985
 
Oval ID: oval:org.mitre.oval:def:23985
Title: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24013
 
Oval ID: oval:org.mitre.oval:def:24013
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0459
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24169
 
Oval ID: oval:org.mitre.oval:def:24169
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0448
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24201
 
Oval ID: oval:org.mitre.oval:def:24201
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2398
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24226
 
Oval ID: oval:org.mitre.oval:def:24226
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect integrity via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2420
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24228
 
Oval ID: oval:org.mitre.oval:def:24228
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0458
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24276
 
Oval ID: oval:org.mitre.oval:def:24276
Title: ELSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0406-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24307
 
Oval ID: oval:org.mitre.oval:def:24307
Title: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting
Description: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0464
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24366
 
Oval ID: oval:org.mitre.oval:def:24366
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2402
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24376
 
Oval ID: oval:org.mitre.oval:def:24376
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2397
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24411
 
Oval ID: oval:org.mitre.oval:def:24411
Title: ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24440
 
Oval ID: oval:org.mitre.oval:def:24440
Title: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0889-00
CESA-2014:0889
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24441
 
Oval ID: oval:org.mitre.oval:def:24441
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0453
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24444
 
Oval ID: oval:org.mitre.oval:def:24444
Title: RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0408-00
CESA-2014:0408
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24446
 
Oval ID: oval:org.mitre.oval:def:24446
Title: RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0508-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24471
 
Oval ID: oval:org.mitre.oval:def:24471
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2401
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24482
 
Oval ID: oval:org.mitre.oval:def:24482
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24489
 
Oval ID: oval:org.mitre.oval:def:24489
Title: RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24495
 
Oval ID: oval:org.mitre.oval:def:24495
Title: USN-2191-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2191-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0461
CVE-2014-0462
CVE-2014-2397
CVE-2014-2405
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0453
CVE-2014-0460
CVE-2014-0459
CVE-2014-1876
CVE-2014-2398
CVE-2014-2403
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24502
 
Oval ID: oval:org.mitre.oval:def:24502
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0446
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24505
 
Oval ID: oval:org.mitre.oval:def:24505
Title: USN-2187-1 -- openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2187-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0461
CVE-2014-2397
CVE-2014-2402
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0453
CVE-2014-0460
CVE-2014-0459
CVE-2014-1876
CVE-2014-2398
CVE-2014-2413
CVE-2014-2403
Version: 5
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.10
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24510
 
Oval ID: oval:org.mitre.oval:def:24510
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2427
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24513
 
Oval ID: oval:org.mitre.oval:def:24513
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0449
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24518
 
Oval ID: oval:org.mitre.oval:def:24518
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0455
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24520
 
Oval ID: oval:org.mitre.oval:def:24520
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24522
 
Oval ID: oval:org.mitre.oval:def:24522
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0461
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24523
 
Oval ID: oval:org.mitre.oval:def:24523
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2412
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24535
 
Oval ID: oval:org.mitre.oval:def:24535
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0456
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24544
 
Oval ID: oval:org.mitre.oval:def:24544
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2422
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24557
 
Oval ID: oval:org.mitre.oval:def:24557
Title: RHSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24586
 
Oval ID: oval:org.mitre.oval:def:24586
Title: DEPRECATED: ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24587
 
Oval ID: oval:org.mitre.oval:def:24587
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2414
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24591
 
Oval ID: oval:org.mitre.oval:def:24591
Title: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting
Description: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0463
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24610
 
Oval ID: oval:org.mitre.oval:def:24610
Title: DEPRECATED: ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24614
 
Oval ID: oval:org.mitre.oval:def:24614
Title: DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0889-00
CESA-2014:0889
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24619
 
Oval ID: oval:org.mitre.oval:def:24619
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0454
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24622
 
Oval ID: oval:org.mitre.oval:def:24622
Title: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX
Description: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2410
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24623
 
Oval ID: oval:org.mitre.oval:def:24623
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via vectors related to JAXP
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2403
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24636
 
Oval ID: oval:org.mitre.oval:def:24636
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2423
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24641
 
Oval ID: oval:org.mitre.oval:def:24641
Title: RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0407-00
CESA-2014:0407
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24646
 
Oval ID: oval:org.mitre.oval:def:24646
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2409
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24649
 
Oval ID: oval:org.mitre.oval:def:24649
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect integrity via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2413
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24652
 
Oval ID: oval:org.mitre.oval:def:24652
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2428
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24662
 
Oval ID: oval:org.mitre.oval:def:24662
Title: ELSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0407-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24666
 
Oval ID: oval:org.mitre.oval:def:24666
Title: RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0406-00
CESA-2014:0406
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24672
 
Oval ID: oval:org.mitre.oval:def:24672
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0429
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24676
 
Oval ID: oval:org.mitre.oval:def:24676
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0451
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24686
 
Oval ID: oval:org.mitre.oval:def:24686
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0432
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24694
 
Oval ID: oval:org.mitre.oval:def:24694
Title: DSA-2980-1 -- openjdk-6 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the executionof arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2980-1
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
CVE-2014-4268
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24709
 
Oval ID: oval:org.mitre.oval:def:24709
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0460
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24719
 
Oval ID: oval:org.mitre.oval:def:24719
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0452
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24723
 
Oval ID: oval:org.mitre.oval:def:24723
Title: RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24729
 
Oval ID: oval:org.mitre.oval:def:24729
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4208)
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4208
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24739
 
Oval ID: oval:org.mitre.oval:def:24739
Title: ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24751
 
Oval ID: oval:org.mitre.oval:def:24751
Title: DSA-2912-1 openjdk-6 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2912-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0462
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2405
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24759
 
Oval ID: oval:org.mitre.oval:def:24759
Title: ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24767
 
Oval ID: oval:org.mitre.oval:def:24767
Title: ELSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0486-01
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24794
 
Oval ID: oval:org.mitre.oval:def:24794
Title: RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0509-00
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24806
 
Oval ID: oval:org.mitre.oval:def:24806
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4262
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24827
 
Oval ID: oval:org.mitre.oval:def:24827
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4268)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4268
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24828
 
Oval ID: oval:org.mitre.oval:def:24828
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4218
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24873
 
Oval ID: oval:org.mitre.oval:def:24873
Title: Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223)
Description: Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4223
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24880
 
Oval ID: oval:org.mitre.oval:def:24880
Title: RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0675-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24881
 
Oval ID: oval:org.mitre.oval:def:24881
Title: ELSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0509-01
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24964
 
Oval ID: oval:org.mitre.oval:def:24964
Title: DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0890-00
CESA-2014:0890
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24985
 
Oval ID: oval:org.mitre.oval:def:24985
Title: Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483)
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
Family: windows Class: vulnerability
Reference(s): CVE-2014-2483
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25066
 
Oval ID: oval:org.mitre.oval:def:25066
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
Family: windows Class: vulnerability
Reference(s): CVE-2014-4263
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25092
 
Oval ID: oval:org.mitre.oval:def:25092
Title: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219)
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4219
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25104
 
Oval ID: oval:org.mitre.oval:def:25104
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4220)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4220
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25136
 
Oval ID: oval:org.mitre.oval:def:25136
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4209
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25149
 
Oval ID: oval:org.mitre.oval:def:25149
Title: Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4247)
Description: Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4247
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25154
 
Oval ID: oval:org.mitre.oval:def:25154
Title: Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2490
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25160
 
Oval ID: oval:org.mitre.oval:def:25160
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4216
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25185
 
Oval ID: oval:org.mitre.oval:def:25185
Title: ELSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0508-01
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25202
 
Oval ID: oval:org.mitre.oval:def:25202
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4266
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25203
 
Oval ID: oval:org.mitre.oval:def:25203
Title: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4265)
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4265
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25216
 
Oval ID: oval:org.mitre.oval:def:25216
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4264
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25220
 
Oval ID: oval:org.mitre.oval:def:25220
Title: RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0685-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25224
 
Oval ID: oval:org.mitre.oval:def:25224
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4244
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25249
 
Oval ID: oval:org.mitre.oval:def:25249
Title: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0890-00
CESA-2014:0890
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25250
 
Oval ID: oval:org.mitre.oval:def:25250
Title: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4227)
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4227
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25273
 
Oval ID: oval:org.mitre.oval:def:25273
Title: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252)
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4252
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25281
 
Oval ID: oval:org.mitre.oval:def:25281
Title: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221)
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-4221
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25312
 
Oval ID: oval:org.mitre.oval:def:25312
Title: RHSA-2014:0902: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0902-00
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25315
 
Oval ID: oval:org.mitre.oval:def:25315
Title: SUSE-SU-2014:0639-1 -- Security update for OpenJDK
Description: This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0639-1
CVE-2014-2412
CVE-2014-2414
CVE-2014-0458
CVE-2014-2427
CVE-2014-2423
CVE-2014-2402
CVE-2014-2398
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0429
CVE-2014-2403
CVE-2014-0446
CVE-2014-0454
CVE-2013-6629
CVE-2014-0455
CVE-2014-2421
CVE-2014-0456
CVE-2014-0460
CVE-2014-0459
CVE-2013-6954
CVE-2014-0457
CVE-2014-2413
CVE-2014-1876
CVE-2014-2397
CVE-2014-0461
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): OpenJDK
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25358
 
Oval ID: oval:org.mitre.oval:def:25358
Title: RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0907-00
CESA-2014:0907
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25428
 
Oval ID: oval:org.mitre.oval:def:25428
Title: RHSA-2014:0908: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0908-00
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4265
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25605
 
Oval ID: oval:org.mitre.oval:def:25605
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2398
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25648
 
Oval ID: oval:org.mitre.oval:def:25648
Title: DSA-2987-1 -- openjdk-7 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2987-1
CVE-2014-2483
CVE-2014-2490
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4219
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4266
CVE-2014-4268
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25679
 
Oval ID: oval:org.mitre.oval:def:25679
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4209
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25727
 
Oval ID: oval:org.mitre.oval:def:25727
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2397
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25797
 
Oval ID: oval:org.mitre.oval:def:25797
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2421
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25817
 
Oval ID: oval:org.mitre.oval:def:25817
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2403
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25891
 
Oval ID: oval:org.mitre.oval:def:25891
Title: USN-2312-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2312-1
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25939
 
Oval ID: oval:org.mitre.oval:def:25939
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2402
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25998
 
Oval ID: oval:org.mitre.oval:def:25998
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4219
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26042
 
Oval ID: oval:org.mitre.oval:def:26042
Title: RHSA-2014:1041: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4208, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4266) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1041-00
CVE-2014-4208
CVE-2014-4209
CVE-2014-4218
CVE-2014-4219
CVE-2014-4220
CVE-2014-4221
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4265
CVE-2014-4266
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26067
 
Oval ID: oval:org.mitre.oval:def:26067
Title: USN-2319-3 -- openjdk-7 update
Description: This update provides stability updates for OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-3
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26076
 
Oval ID: oval:org.mitre.oval:def:26076
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4264
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26097
 
Oval ID: oval:org.mitre.oval:def:26097
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0459
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26101
 
Oval ID: oval:org.mitre.oval:def:26101
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4218
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26122
 
Oval ID: oval:org.mitre.oval:def:26122
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0451
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26129
 
Oval ID: oval:org.mitre.oval:def:26129
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0432
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26179
 
Oval ID: oval:org.mitre.oval:def:26179
Title: ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
Description: [1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901
Family: unix Class: patch
Reference(s): ELSA-2014-1634
CVE-2014-6457
CVE-2014-6502
CVE-2014-6504
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6517
CVE-2014-6519
CVE-2014-6531
CVE-2014-6558
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Oracle Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26182
 
Oval ID: oval:org.mitre.oval:def:26182
Title: SUSE-SU-2014:0961-1 -- Security update for openjdk
Description: This Critical Patch Update contains 20 new security fixes for Oracle Java SE.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0961-1
CVE-2014-4227
CVE-2014-4219
CVE-2014-2490
CVE-2014-4216
CVE-2014-4247
CVE-2014-2483
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4265
CVE-2014-4220
CVE-2014-4218
CVE-2014-4252
CVE-2014-4266
CVE-2014-4268
CVE-2014-4264
CVE-2014-4221
CVE-2014-4244
CVE-2014-4263
CVE-2014-4208
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26196
 
Oval ID: oval:org.mitre.oval:def:26196
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2423
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26198
 
Oval ID: oval:org.mitre.oval:def:26198
Title: USN-2319-2 -- openjdk-7 regression
Description: USN-2319-1 introduced a regression in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-2
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26213
 
Oval ID: oval:org.mitre.oval:def:26213
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4208
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26257
 
Oval ID: oval:org.mitre.oval:def:26257
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0457
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26326
 
Oval ID: oval:org.mitre.oval:def:26326
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0461
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26336
 
Oval ID: oval:org.mitre.oval:def:26336
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0454
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26352
 
Oval ID: oval:org.mitre.oval:def:26352
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0458
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26360
 
Oval ID: oval:org.mitre.oval:def:26360
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2409
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26368
 
Oval ID: oval:org.mitre.oval:def:26368
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0453
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26370
 
Oval ID: oval:org.mitre.oval:def:26370
Title: RHSA-2014:1036: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP7 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1036-00
CVE-2014-4209
CVE-2014-4218
CVE-2014-4219
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26379
 
Oval ID: oval:org.mitre.oval:def:26379
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4262
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26407
 
Oval ID: oval:org.mitre.oval:def:26407
Title: RHSA-2014:1033: java-1.6.0-ibm security update (Critical)
Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1033-00
CVE-2014-4209
CVE-2014-4218
CVE-2014-4219
CVE-2014-4227
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4265
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26411
 
Oval ID: oval:org.mitre.oval:def:26411
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0455
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26415
 
Oval ID: oval:org.mitre.oval:def:26415
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0446
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26429
 
Oval ID: oval:org.mitre.oval:def:26429
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2420
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26431
 
Oval ID: oval:org.mitre.oval:def:26431
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2428
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26466
 
Oval ID: oval:org.mitre.oval:def:26466
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0448
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26480
 
Oval ID: oval:org.mitre.oval:def:26480
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4265
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26484
 
Oval ID: oval:org.mitre.oval:def:26484
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2427
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26494
 
Oval ID: oval:org.mitre.oval:def:26494
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0460
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26495
 
Oval ID: oval:org.mitre.oval:def:26495
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2401
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26497
 
Oval ID: oval:org.mitre.oval:def:26497
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4216
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26513
 
Oval ID: oval:org.mitre.oval:def:26513
Title: USN-2319-1 -- openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2319-1
CVE-2014-2483
CVE-2014-2490
CVE-2014-4216
CVE-2014-4219
CVE-2014-4223
CVE-2014-4262
CVE-2014-4209
CVE-2014-4244
CVE-2014-4263
CVE-2014-4218
CVE-2014-4266
CVE-2014-4264
CVE-2014-4221
CVE-2014-4252
CVE-2014-4268
Version: 3
Platform(s): Ubuntu 14.04
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26524
 
Oval ID: oval:org.mitre.oval:def:26524
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0456
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26534
 
Oval ID: oval:org.mitre.oval:def:26534
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4227
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26545
 
Oval ID: oval:org.mitre.oval:def:26545
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4221
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26557
 
Oval ID: oval:org.mitre.oval:def:26557
Title: SUSE-SU-2014:1055-1 -- Security update for IBM Java
Description: java-1_6_0-ibm has been updated to fix several security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1055-1
CVE-2014-4227
CVE-2014-4262
CVE-2014-4219
CVE-2014-4209
CVE-2014-4268
CVE-2014-4218
CVE-2014-4252
CVE-2014-4265
CVE-2014-4263
CVE-2014-4244
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26558
 
Oval ID: oval:org.mitre.oval:def:26558
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0449
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26567
 
Oval ID: oval:org.mitre.oval:def:26567
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2414
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26569
 
Oval ID: oval:org.mitre.oval:def:26569
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0452
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26587
 
Oval ID: oval:org.mitre.oval:def:26587
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2412
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26588
 
Oval ID: oval:org.mitre.oval:def:26588
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4268
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26592
 
Oval ID: oval:org.mitre.oval:def:26592
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4252
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26604
 
Oval ID: oval:org.mitre.oval:def:26604
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
Family: unix Class: vulnerability
Reference(s): CVE-2014-4220
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26625
 
Oval ID: oval:org.mitre.oval:def:26625
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2422
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26648
 
Oval ID: oval:org.mitre.oval:def:26648
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2413
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26653
 
Oval ID: oval:org.mitre.oval:def:26653
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0429
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis: