Executive Summary

Summary
Title java-1.7.0-oracle security update
Informations
Name RHSA-2014:0413 First vendor Publication 2014-04-17
Vendor RedHat Last vendor Modification 2014-04-17
Severity (Vendor) Critical Revision 02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) 1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette 1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) 1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) 1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335) 1087446 - CVE-2014-2413 OpenJDK: method handle call hierachy bypass (Libraries, 8032686) 1088023 - CVE-2014-0432 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Libraries) 1088024 - CVE-2014-0448 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment) 1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088026 - CVE-2014-2422 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (JavaFX) 1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) 1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0413.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-200 Information Exposure
50 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21129
 
Oval ID: oval:org.mitre.oval:def:21129
Title: RHSA-2013:1804: libjpeg security update (Moderate)
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: patch
Reference(s): RHSA-2013:1804-00
CESA-2013:1804
CVE-2013-6629
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): libjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21236
 
Oval ID: oval:org.mitre.oval:def:21236
Title: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6629
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Google Chrome
Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23646
 
Oval ID: oval:org.mitre.oval:def:23646
Title: ELSA-2013:1804: libjpeg security update (Moderate)
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: patch
Reference(s): ELSA-2013:1804-00
CVE-2013-6629
Version: 6
Platform(s): Oracle Linux 5
Product(s): libjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23723
 
Oval ID: oval:org.mitre.oval:def:23723
Title: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log
Description: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1876
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23781
 
Oval ID: oval:org.mitre.oval:def:23781
Title: DEPRECATED: ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23870
 
Oval ID: oval:org.mitre.oval:def:23870
Title: RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0486-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23968
 
Oval ID: oval:org.mitre.oval:def:23968
Title: DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23985
 
Oval ID: oval:org.mitre.oval:def:23985
Title: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24013
 
Oval ID: oval:org.mitre.oval:def:24013
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0459
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24169
 
Oval ID: oval:org.mitre.oval:def:24169
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0448
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24201
 
Oval ID: oval:org.mitre.oval:def:24201
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2398
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24226
 
Oval ID: oval:org.mitre.oval:def:24226
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect integrity via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2420
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24228
 
Oval ID: oval:org.mitre.oval:def:24228
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0458
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24276
 
Oval ID: oval:org.mitre.oval:def:24276
Title: ELSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0406-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24366
 
Oval ID: oval:org.mitre.oval:def:24366
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2402
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24376
 
Oval ID: oval:org.mitre.oval:def:24376
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2397
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24411
 
Oval ID: oval:org.mitre.oval:def:24411
Title: ELSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24441
 
Oval ID: oval:org.mitre.oval:def:24441
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0453
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24444
 
Oval ID: oval:org.mitre.oval:def:24444
Title: RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0408-00
CESA-2014:0408
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24446
 
Oval ID: oval:org.mitre.oval:def:24446
Title: RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0508-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24471
 
Oval ID: oval:org.mitre.oval:def:24471
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2401
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24482
 
Oval ID: oval:org.mitre.oval:def:24482
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24489
 
Oval ID: oval:org.mitre.oval:def:24489
Title: RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0412-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24495
 
Oval ID: oval:org.mitre.oval:def:24495
Title: USN-2191-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2191-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0461
CVE-2014-0462
CVE-2014-2397
CVE-2014-2405
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0453
CVE-2014-0460
CVE-2014-0459
CVE-2014-1876
CVE-2014-2398
CVE-2014-2403
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24502
 
Oval ID: oval:org.mitre.oval:def:24502
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0446
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24505
 
Oval ID: oval:org.mitre.oval:def:24505
Title: USN-2187-1 -- openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK 7.
Family: unix Class: patch
Reference(s): USN-2187-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0461
CVE-2014-2397
CVE-2014-2402
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0453
CVE-2014-0460
CVE-2014-0459
CVE-2014-1876
CVE-2014-2398
CVE-2014-2413
CVE-2014-2403
Version: 5
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.10
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24510
 
Oval ID: oval:org.mitre.oval:def:24510
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2427
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24513
 
Oval ID: oval:org.mitre.oval:def:24513
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0449
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24515
 
Oval ID: oval:org.mitre.oval:def:24515
Title: Vulnerability in Java SE 6u71, Java SE 7u51, Java SE 8, JRockit R28.3.1 allows successful unauthenticated network attacks via multiple protocols
Description: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6954
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24518
 
Oval ID: oval:org.mitre.oval:def:24518
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0455
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24520
 
Oval ID: oval:org.mitre.oval:def:24520
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24522
 
Oval ID: oval:org.mitre.oval:def:24522
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0461
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24523
 
Oval ID: oval:org.mitre.oval:def:24523
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2412
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24535
 
Oval ID: oval:org.mitre.oval:def:24535
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0456
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24544
 
Oval ID: oval:org.mitre.oval:def:24544
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2422
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24557
 
Oval ID: oval:org.mitre.oval:def:24557
Title: RHSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24586
 
Oval ID: oval:org.mitre.oval:def:24586
Title: DEPRECATED: ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24587
 
Oval ID: oval:org.mitre.oval:def:24587
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2414
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24610
 
Oval ID: oval:org.mitre.oval:def:24610
Title: DEPRECATED: ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24619
 
Oval ID: oval:org.mitre.oval:def:24619
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0454
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24623
 
Oval ID: oval:org.mitre.oval:def:24623
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via vectors related to JAXP
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2403
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24636
 
Oval ID: oval:org.mitre.oval:def:24636
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2423
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24641
 
Oval ID: oval:org.mitre.oval:def:24641
Title: RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0407-00
CESA-2014:0407
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24646
 
Oval ID: oval:org.mitre.oval:def:24646
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2409
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24649
 
Oval ID: oval:org.mitre.oval:def:24649
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect integrity via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2413
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24652
 
Oval ID: oval:org.mitre.oval:def:24652
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2428
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24662
 
Oval ID: oval:org.mitre.oval:def:24662
Title: ELSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0407-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24666
 
Oval ID: oval:org.mitre.oval:def:24666
Title: RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0406-00
CESA-2014:0406
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24672
 
Oval ID: oval:org.mitre.oval:def:24672
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0429
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24676
 
Oval ID: oval:org.mitre.oval:def:24676
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0451
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24686
 
Oval ID: oval:org.mitre.oval:def:24686
Title: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0432
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24709
 
Oval ID: oval:org.mitre.oval:def:24709
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0460
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24712
 
Oval ID: oval:org.mitre.oval:def:24712
Title: Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6629
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24719
 
Oval ID: oval:org.mitre.oval:def:24719
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0452
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24723
 
Oval ID: oval:org.mitre.oval:def:24723
Title: RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24739
 
Oval ID: oval:org.mitre.oval:def:24739
Title: ELSA-2014:0414: java-1.6.0-sun security update (Important)
Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0414-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5852
CVE-2013-5878
CVE-2013-5884
CVE-2013-5887
CVE-2013-5888
CVE-2013-5889
CVE-2013-5896
CVE-2013-5898
CVE-2013-5899
CVE-2013-5902
CVE-2013-5905
CVE-2013-5906
CVE-2013-5907
CVE-2013-5910
CVE-2013-6629
CVE-2013-6954
CVE-2014-0368
CVE-2014-0373
CVE-2014-0375
CVE-2014-0376
CVE-2014-0387
CVE-2014-0403
CVE-2014-0410
CVE-2014-0411
CVE-2014-0415
CVE-2014-0416
CVE-2014-0417
CVE-2014-0418
CVE-2014-0422
CVE-2014-0423
CVE-2014-0424
CVE-2014-0428
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24751
 
Oval ID: oval:org.mitre.oval:def:24751
Title: DSA-2912-1 openjdk-6 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2912-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0462
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2405
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24759
 
Oval ID: oval:org.mitre.oval:def:24759
Title: ELSA-2014:0413: java-1.7.0-oracle security update (Critical)
Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0413-00
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 5
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24767
 
Oval ID: oval:org.mitre.oval:def:24767
Title: ELSA-2014:0486: java-1.7.0-ibm security update (Critical)
Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0486-01
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24794
 
Oval ID: oval:org.mitre.oval:def:24794
Title: RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0509-00
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24880
 
Oval ID: oval:org.mitre.oval:def:24880
Title: RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0675-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24881
 
Oval ID: oval:org.mitre.oval:def:24881
Title: ELSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0509-01
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25185
 
Oval ID: oval:org.mitre.oval:def:25185
Title: ELSA-2014:0508: java-1.6.0-ibm security update (Critical)
Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0508-01
CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0446
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2409
CVE-2014-2412
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25220
 
Oval ID: oval:org.mitre.oval:def:25220
Title: RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0685-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25315
 
Oval ID: oval:org.mitre.oval:def:25315
Title: SUSE-SU-2014:0639-1 -- Security update for OpenJDK
Description: This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0639-1
CVE-2014-2412
CVE-2014-2414
CVE-2014-0458
CVE-2014-2427
CVE-2014-2423
CVE-2014-2402
CVE-2014-2398
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0429
CVE-2014-2403
CVE-2014-0446
CVE-2014-0454
CVE-2013-6629
CVE-2014-0455
CVE-2014-2421
CVE-2014-0456
CVE-2014-0460
CVE-2014-0459
CVE-2013-6954
CVE-2014-0457
CVE-2014-2413
CVE-2014-1876
CVE-2014-2397
CVE-2014-0461
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): OpenJDK
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25605
 
Oval ID: oval:org.mitre.oval:def:25605
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2398
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25727
 
Oval ID: oval:org.mitre.oval:def:25727
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2397
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25797
 
Oval ID: oval:org.mitre.oval:def:25797
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2421
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25817
 
Oval ID: oval:org.mitre.oval:def:25817
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2403
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25939
 
Oval ID: oval:org.mitre.oval:def:25939
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2402
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26097
 
Oval ID: oval:org.mitre.oval:def:26097
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0459
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26122
 
Oval ID: oval:org.mitre.oval:def:26122
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0451
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26129
 
Oval ID: oval:org.mitre.oval:def:26129
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0432
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26181
 
Oval ID: oval:org.mitre.oval:def:26181
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Family: unix Class: vulnerability
Reference(s): CVE-2013-6629
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26196
 
Oval ID: oval:org.mitre.oval:def:26196
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2423
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26220
 
Oval ID: oval:org.mitre.oval:def:26220
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Family: unix Class: vulnerability
Reference(s): CVE-2014-1876
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26257
 
Oval ID: oval:org.mitre.oval:def:26257
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0457
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26326
 
Oval ID: oval:org.mitre.oval:def:26326
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0461
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26336
 
Oval ID: oval:org.mitre.oval:def:26336
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0454
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26352
 
Oval ID: oval:org.mitre.oval:def:26352
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0458
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26360
 
Oval ID: oval:org.mitre.oval:def:26360
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2409
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26368
 
Oval ID: oval:org.mitre.oval:def:26368
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0453
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26411
 
Oval ID: oval:org.mitre.oval:def:26411
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0455
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26415
 
Oval ID: oval:org.mitre.oval:def:26415
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0446
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26420
 
Oval ID: oval:org.mitre.oval:def:26420
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Family: unix Class: vulnerability
Reference(s): CVE-2013-6954
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26429
 
Oval ID: oval:org.mitre.oval:def:26429
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2420
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26431
 
Oval ID: oval:org.mitre.oval:def:26431
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2428
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26466
 
Oval ID: oval:org.mitre.oval:def:26466
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0448
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26484
 
Oval ID: oval:org.mitre.oval:def:26484
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2427
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26494
 
Oval ID: oval:org.mitre.oval:def:26494
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0460
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26495
 
Oval ID: oval:org.mitre.oval:def:26495
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2401
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26524
 
Oval ID: oval:org.mitre.oval:def:26524
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0456
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26558
 
Oval ID: oval:org.mitre.oval:def:26558
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0449
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26567
 
Oval ID: oval:org.mitre.oval:def:26567
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2414
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26569
 
Oval ID: oval:org.mitre.oval:def:26569
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0452
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26587
 
Oval ID: oval:org.mitre.oval:def:26587
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2412
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26625
 
Oval ID: oval:org.mitre.oval:def:26625
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2422
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26648
 
Oval ID: oval:org.mitre.oval:def:26648
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2413
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26653
 
Oval ID: oval:org.mitre.oval:def:26653
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0429
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26976
 
Oval ID: oval:org.mitre.oval:def:26976
Title: DEPRECATED: ELSA-2013-1804 -- libjpeg security update (moderate)
Description: [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952
Family: unix Class: patch
Reference(s): ELSA-2013-1804
CVE-2013-6629
Version: 4
Platform(s): Oracle Linux 5
Product(s): libjpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27029
 
Oval ID: oval:org.mitre.oval:def:27029
Title: ELSA-2014-0685 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.1-6.1.13.3] - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15_apr_2014 - renmoved upstreamed patch7, 1.13_fixes.patch - renmoved upstreamed patch9, 1051245.patch - Resolves: rhbz#1099563
Family: unix Class: patch
Reference(s): ELSA-2014-0685
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
Version: 5
Platform(s): Oracle Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27331
 
Oval ID: oval:org.mitre.oval:def:27331
Title: ELSA-2014-0675 -- java-1.7.0-openjdk security update (critical)
Description: [1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but notused as default (6.6 forward port) - Resolves: rhbz#1099565
Family: unix Class: patch
Reference(s): ELSA-2014-0675
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
Version: 5
Platform(s): Oracle Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application