Executive Summary

Summary
Titlejava-1.6.0-sun security update
Informations
NameRHSA-2014:0414First vendor Publication2014-04-17
VendorRedHatLast vendor Modification2014-04-17
Severity (Vendor) ImportantRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034) 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D) 975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) 975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) 1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081) 1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) 1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) 1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071) 1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) 1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071) 1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) 1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505) 1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102) 1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) 1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) 1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) 1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287) 1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) 1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) 1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) 1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196) 1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) 1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) 1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) 1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) 1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530) 1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) 1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) 1019176 - CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1019691 - CVE-2013-5824 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019693 - CVE-2013-5787 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019697 - CVE-2013-5789 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019701 - CVE-2013-5843 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D) 1019702 - CVE-2013-5832 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019705 - CVE-2013-5852 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019706 - CVE-2013-5812 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019710 - CVE-2013-5801 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D) 1019712 - CVE-2013-5776 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019713 - CVE-2013-5818 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019715 - CVE-2013-5819 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019716 - CVE-2013-5831 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019720 - CVE-2013-5848 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) 1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette 1051519 - CVE-2014-0428 OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) 1051528 - CVE-2014-0422 OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) 1051699 - CVE-2014-0373 OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) 1051823 - CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026) 1051911 - CVE-2013-5884 OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) 1051912 - CVE-2014-0416 OpenJDK: insecure subject principals set handling (JAAS, 8024306) 1051923 - CVE-2014-0376 OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) 1052915 - CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) 1052919 - CVE-2014-0368 OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) 1052942 - CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) 1053010 - CVE-2014-0411 OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) 1053066 - CVE-2014-0423 OpenJDK: XXE issue in decoder (Beans, 8023245) 1053266 - CVE-2013-5896 OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022) 1053495 - CVE-2014-0410 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053496 - CVE-2014-0415 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053499 - CVE-2013-5889 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053501 - CVE-2014-0417 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D) 1053502 - CVE-2014-0387 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053504 - CVE-2014-0424 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053507 - CVE-2014-0403 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053508 - CVE-2014-0375 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053509 - CVE-2013-5905 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) 1053510 - CVE-2013-5906 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install) 1053512 - CVE-2013-5902 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053513 - CVE-2014-0418 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053515 - CVE-2013-5887 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053516 - CVE-2013-5899 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053517 - CVE-2013-5888 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1053518 - CVE-2013-5898 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment) 1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) 1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) 1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0414.html

CWE : Common Weakness Enumeration

%idName
33 %CWE-200Information Exposure
33 %CWE-74Failure to Sanitize Data into a Different Plane ('Injection')
33 %CWE-59Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19605
 
Oval ID: oval:org.mitre.oval:def:19605
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2468
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19478
 
Oval ID: oval:org.mitre.oval:def:19478
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2468
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17206
 
Oval ID: oval:org.mitre.oval:def:17206
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2468
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22106
 
Oval ID: oval:org.mitre.oval:def:22106
Title: Vulnerability in Java SE 6u65, Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5889
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18219
 
Oval ID: oval:org.mitre.oval:def:18219
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5848
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22135
 
Oval ID: oval:org.mitre.oval:def:22135
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5848
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19718
 
Oval ID: oval:org.mitre.oval:def:19718
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19667
 
Oval ID: oval:org.mitre.oval:def:19667
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19518
 
Oval ID: oval:org.mitre.oval:def:19518
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17215
 
Oval ID: oval:org.mitre.oval:def:17215
Title: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows remote attackers to affect integrity via unknown vectors related to Javadoc.
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1571
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18645
 
Oval ID: oval:org.mitre.oval:def:18645
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5782
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22567
 
Oval ID: oval:org.mitre.oval:def:22567
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5782
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18761
 
Oval ID: oval:org.mitre.oval:def:18761
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5818
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22525
 
Oval ID: oval:org.mitre.oval:def:22525
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5818
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19726
 
Oval ID: oval:org.mitre.oval:def:19726
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1500
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19663
 
Oval ID: oval:org.mitre.oval:def:19663
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1500
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17221
 
Oval ID: oval:org.mitre.oval:def:17221
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1500
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25907
 
Oval ID: oval:org.mitre.oval:def:25907
Title: SUSE-SU-2013:1255-1 -- Security update for java-1_6_0-ibm
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25834
 
Oval ID: oval:org.mitre.oval:def:25834
Title: SUSE-SU-2013:1264-1 -- Security update for java-1_4_2-ibm
Description: IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1264-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2456
CVE-2013-2447
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): java-1_4_2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25783
 
Oval ID: oval:org.mitre.oval:def:25783
Title: SUSE-SU-2013:1293-2 -- Security update for IBM Java 1.4.2
Description: IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues: CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450, CVE-2013-1500 Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1293-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2456
CVE-2013-2447
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): IBM Java 1.4.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25772
 
Oval ID: oval:org.mitre.oval:def:25772
Title: SUSE-SU-2013:1263-2 -- Security update for java-1_5_0-ibm
Description: IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1263-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-3743
CVE-2013-2448
CVE-2013-2454
CVE-2013-2456
CVE-2013-2457
CVE-2013-2455
CVE-2013-2443
CVE-2013-2447
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): java-1_5_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25758
 
Oval ID: oval:org.mitre.oval:def:25758
Title: SUSE-SU-2013:1257-1 -- Security update for java-1_7_0-ibm
Description: IBM Java 1.7.0 has been updated to SR5 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1257-1
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-2462
CVE-2013-2460
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2458
CVE-2013-3744
CVE-2013-2400
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2449
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_7_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25723
 
Oval ID: oval:org.mitre.oval:def:25723
Title: SUSE-SU-2013:1255-2 -- Security update for java-1_6_0-ibm
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25638
 
Oval ID: oval:org.mitre.oval:def:25638
Title: SUSE-SU-2013:1305-1 -- Security update for IBM Java 1.6.0
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) * check if installed qa_filelist is not empty (bnc#831936)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1305-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): IBM Java 1.6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25636
 
Oval ID: oval:org.mitre.oval:def:25636
Title: SUSE-SU-2013:1255-3 -- Security update for IBM Java 1.6.0
Description: IBM Java 1.6.0 was updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-3
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java 1.6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25263
 
Oval ID: oval:org.mitre.oval:def:25263
Title: SUSE-SU-2013:1263-1 -- Security update for java-1_5_0-ibm
Description: IBM Java 1.5.0 has been updated to SR16-FP3 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bug has been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1263-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-3743
CVE-2013-2448
CVE-2013-2454
CVE-2013-2456
CVE-2013-2457
CVE-2013-2455
CVE-2013-2443
CVE-2013-2447
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): java-1_5_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19692
 
Oval ID: oval:org.mitre.oval:def:19692
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19669
 
Oval ID: oval:org.mitre.oval:def:19669
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19632
 
Oval ID: oval:org.mitre.oval:def:19632
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17052
 
Oval ID: oval:org.mitre.oval:def:17052
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2448
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21219
 
Oval ID: oval:org.mitre.oval:def:21219
Title: RHSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 495
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21196
 
Oval ID: oval:org.mitre.oval:def:21196
Title: RHSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 383
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21131
 
Oval ID: oval:org.mitre.oval:def:21131
Title: RHSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 607
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21576
 
Oval ID: oval:org.mitre.oval:def:21576
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4002
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24095
 
Oval ID: oval:org.mitre.oval:def:24095
Title: ELSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 145
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24028
 
Oval ID: oval:org.mitre.oval:def:24028
Title: ELSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 113
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23596
 
Oval ID: oval:org.mitre.oval:def:23596
Title: ELSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 177
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26596
 
Oval ID: oval:org.mitre.oval:def:26596
Title: ELSA-2014-1319 -- xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1319
CVE-2013-4002
Version: 3
Platform(s): Oracle Linux 7
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27229
 
Oval ID: oval:org.mitre.oval:def:27229
Title: RHSA-2014:1319: xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1319-00
CESA-2014:1319
CVE-2013-4002
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24520
 
Oval ID: oval:org.mitre.oval:def:24520
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24482
 
Oval ID: oval:org.mitre.oval:def:24482
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0457
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26257
 
Oval ID: oval:org.mitre.oval:def:26257
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0457
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22245
 
Oval ID: oval:org.mitre.oval:def:22245
Title: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5878
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24275
 
Oval ID: oval:org.mitre.oval:def:24275
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5878
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21198
 
Oval ID: oval:org.mitre.oval:def:21198
Title: RHSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): RHSA-2013:1505-00
CESA-2013:1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 367
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19566
 
Oval ID: oval:org.mitre.oval:def:19566
Title: USN-2033-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2033-1
CVE-2013-3829
CVE-2013-5783
CVE-2013-5804
CVE-2013-4002
CVE-2013-5803
CVE-2013-5823
CVE-2013-5825
CVE-2013-5772
CVE-2013-5774
CVE-2013-5784
CVE-2013-5797
CVE-2013-5820
CVE-2013-5778
CVE-2013-5780
CVE-2013-5790
CVE-2013-5840
CVE-2013-5849
CVE-2013-5851
CVE-2013-5782
CVE-2013-5802
CVE-2013-5809
CVE-2013-5829
CVE-2013-5814
CVE-2013-5817
CVE-2013-5830
CVE-2013-5842
CVE-2013-5850
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19150
 
Oval ID: oval:org.mitre.oval:def:19150
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5850
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22570
 
Oval ID: oval:org.mitre.oval:def:22570
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5850
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23949
 
Oval ID: oval:org.mitre.oval:def:23949
Title: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 109
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23260
 
Oval ID: oval:org.mitre.oval:def:23260
Title: DEPRECATED: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 110
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27040
 
Oval ID: oval:org.mitre.oval:def:27040
Title: DEPRECATED: ELSA-2013-1505 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.68.1.11.14] - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz#1017618 [1:1.6.0.1-1.67.1.13.0] - reverted previous update - Resolves: rhbz#1017618 [1:1.6.0.1-1.66.1.13.0] - updated to icedtea 1.13 - updated to openjdk-6-src-b28-04_oct_2013 - added --disable-lcms2 configure switch to fix tck - removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch - added patch7 1.13_fixes.patch to fix 1.13 build issues - adapted patch0 java-1.6.0-openjdk-optflags.patch - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - removed useless runtests parts - included also java.security.old files - Resolves: rhbz#1017618
Family: unix Class: patch
Reference(s): ELSA-2013-1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19568
 
Oval ID: oval:org.mitre.oval:def:19568
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2407
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18622
 
Oval ID: oval:org.mitre.oval:def:18622
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2407
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17195
 
Oval ID: oval:org.mitre.oval:def:17195
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2407
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19020
 
Oval ID: oval:org.mitre.oval:def:19020
Title: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22202
 
Oval ID: oval:org.mitre.oval:def:22202
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19676
 
Oval ID: oval:org.mitre.oval:def:19676
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19643
 
Oval ID: oval:org.mitre.oval:def:19643
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19267
 
Oval ID: oval:org.mitre.oval:def:19267
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17294
 
Oval ID: oval:org.mitre.oval:def:17294
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Serialization.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2456
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24502
 
Oval ID: oval:org.mitre.oval:def:24502
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0446
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26415
 
Oval ID: oval:org.mitre.oval:def:26415
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0446
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21989
 
Oval ID: oval:org.mitre.oval:def:21989
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0410
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19470
 
Oval ID: oval:org.mitre.oval:def:19470
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19407
 
Oval ID: oval:org.mitre.oval:def:19407
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19237
 
Oval ID: oval:org.mitre.oval:def:19237
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17236
 
Oval ID: oval:org.mitre.oval:def:17236
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to JDBC.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2454
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19655
 
Oval ID: oval:org.mitre.oval:def:19655
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19517
 
Oval ID: oval:org.mitre.oval:def:19517
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19348
 
Oval ID: oval:org.mitre.oval:def:19348
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16806
 
Oval ID: oval:org.mitre.oval:def:16806
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2470
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22192
 
Oval ID: oval:org.mitre.oval:def:22192
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0415
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24226
 
Oval ID: oval:org.mitre.oval:def:24226
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect integrity via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2420
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26429
 
Oval ID: oval:org.mitre.oval:def:26429
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2420
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23723
 
Oval ID: oval:org.mitre.oval:def:23723
Title: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log
Description: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1876
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26220
 
Oval ID: oval:org.mitre.oval:def:26220
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Family: unix Class: vulnerability
Reference(s): CVE-2014-1876
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24228
 
Oval ID: oval:org.mitre.oval:def:24228
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0458
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26352
 
Oval ID: oval:org.mitre.oval:def:26352
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0458
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22227
 
Oval ID: oval:org.mitre.oval:def:22227
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA)
Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5884
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24510
 
Oval ID: oval:org.mitre.oval:def:24510
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2427
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24666
 
Oval ID: oval:org.mitre.oval:def:24666
Title: RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0406-00
CESA-2014:0406
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24641
 
Oval ID: oval:org.mitre.oval:def:24641
Title: RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0407-00
CESA-2014:0407
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24444
 
Oval ID: oval:org.mitre.oval:def:24444
Title: RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0408-00
CESA-2014:0408
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24662
 
Oval ID: oval:org.mitre.oval:def:24662
Title: ELSA-2014:0407: java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0407-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24276
 
Oval ID: oval:org.mitre.oval:def:24276
Title: ELSA-2014:0406: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0406-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23985
 
Oval ID: oval:org.mitre.oval:def:23985
Title: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23968
 
Oval ID: oval:org.mitre.oval:def:23968
Title: DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0408-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24794
 
Oval ID: oval:org.mitre.oval:def:24794
Title: RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0509-00
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24751
 
Oval ID: oval:org.mitre.oval:def:24751
Title: DSA-2912-1 openjdk-6 - security update
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2912-1
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-0462
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2405
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24881
 
Oval ID: oval:org.mitre.oval:def:24881
Title: ELSA-2014:0509: java-1.5.0-ibm security update (Important)
Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0509-01
CVE-2013-6629
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0453
CVE-2014-0457
CVE-2014-0460
CVE-2014-0878
CVE-2014-1876
CVE-2014-2398
CVE-2014-2401
CVE-2014-2412
CVE-2014-2421
CVE-2014-2427
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25220
 
Oval ID: oval:org.mitre.oval:def:25220
Title: RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0685-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24880
 
Oval ID: oval:org.mitre.oval:def:24880
Title: RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0675-00
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26484
 
Oval ID: oval:org.mitre.oval:def:26484
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2014-2427
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19043
 
Oval ID: oval:org.mitre.oval:def:19043
Title: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5776
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21588
 
Oval ID: oval:org.mitre.oval:def:21588
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5776
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21384
 
Oval ID: oval:org.mitre.oval:def:21384
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Install)
Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5905
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21977
 
Oval ID: oval:org.mitre.oval:def:21977
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5888
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19665
 
Oval ID: oval:org.mitre.oval:def:19665
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2452
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19231
 
Oval ID: oval:org.mitre.oval:def:19231
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2452
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19213
 
Oval ID: oval:org.mitre.oval:def:19213
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2452
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16580
 
Oval ID: oval:org.mitre.oval:def:16580
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2452
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19535
 
Oval ID: oval:org.mitre.oval:def:19535
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2451
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17265
 
Oval ID: oval:org.mitre.oval:def:17265
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2451
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18436
 
Oval ID: oval:org.mitre.oval:def:18436
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5842
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22260
 
Oval ID: oval:org.mitre.oval:def:22260
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5842
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24269
 
Oval ID: oval:org.mitre.oval:def:24269
Title: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
Description: Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0387
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19096
 
Oval ID: oval:org.mitre.oval:def:19096
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5830
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22571
 
Oval ID: oval:org.mitre.oval:def:22571
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5830
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21222
 
Oval ID: oval:org.mitre.oval:def:21222
Title: RHSA-2013:0958: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): RHSA-2013:0958-00
CESA-2013:0958
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 409
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21135
 
Oval ID: oval:org.mitre.oval:def:21135
Title: RHSA-2013:0957: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): RHSA-2013:0957-00
CESA-2013:0957
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 409
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20807
 
Oval ID: oval:org.mitre.oval:def:20807
Title: RHSA-2013:1014: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): RHSA-2013:1014-00
CESA-2013:1014
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 353
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19652
 
Oval ID: oval:org.mitre.oval:def:19652
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2473
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19600
 
Oval ID: oval:org.mitre.oval:def:19600
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2473
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19486
 
Oval ID: oval:org.mitre.oval:def:19486
Title: DSA-2722-1 openjdk-7 - several
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2722-1
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18905
 
Oval ID: oval:org.mitre.oval:def:18905
Title: DSA-2727-1 openjdk-6 - several
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
Family: unix Class: patch
Reference(s): DSA-2727-1
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 8
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18888
 
Oval ID: oval:org.mitre.oval:def:18888
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2473
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17189
 
Oval ID: oval:org.mitre.oval:def:17189
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2473
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24043
 
Oval ID: oval:org.mitre.oval:def:24043
Title: ELSA-2013:1014: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): ELSA-2013:1014-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 105
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23887
 
Oval ID: oval:org.mitre.oval:def:23887
Title: ELSA-2013:0957: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): ELSA-2013:0957-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 121
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23554
 
Oval ID: oval:org.mitre.oval:def:23554
Title: DEPRECATED: ELSA-2013:1014: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): ELSA-2013:1014-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 106
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23377
 
Oval ID: oval:org.mitre.oval:def:23377
Title: ELSA-2013:0958: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Family: unix Class: patch
Reference(s): ELSA-2013:0958-00
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 121
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27582
 
Oval ID: oval:org.mitre.oval:def:27582
Title: DEPRECATED: ELSA-2013-0958 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.25-2.3.10.4.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.25-2.3.10.4.el5] - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - removed upstreamed patch1000 MBeanFix.patch - Resolves: rhbz#973117 [1.7.0.25-2.3.10.3.el5] - reverted fix for license files owning - Resolves: rhbz#973117 [1.7.0.25-2.3.10.2.el5] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973117 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - Resolves: rhbz#973117
Family: unix Class: patch
Reference(s): ELSA-2013-0958
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27291
 
Oval ID: oval:org.mitre.oval:def:27291
Title: DEPRECATED: ELSA-2013-0957 -- java-1.7.0-openjdk security update (critical)
Description: [1.7.0.25-2.3.10.3.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.25-2.3.10.3.el6] - removed upstreamed patch1000 MBeanFix.patch - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - Resolves: rhbz#973119 [1.7.0.25-2.3.10.2.el6] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973119 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973119 [1.7.0.19-2.3.10.0.el6] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - improved handling of patch111 - nss-config-2.patch - removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964) - Added client/server directories so they can be owned - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973119
Family: unix Class: patch
Reference(s): ELSA-2013-0957
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27075
 
Oval ID: oval:org.mitre.oval:def:27075
Title: DEPRECATED: ELSA-2013-1014 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.62.1.11.11.90] - updated to icedtea6-1.11.11.90.tar.gz - removed upstreamed patch9 jaxp-backport-factoryfinder.patch - removed upstreamed patch10 fixToFontSecurityFix.patch. - modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#973129
Family: unix Class: patch
Reference(s): ELSA-2013-1014
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2453
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24515
 
Oval ID: oval:org.mitre.oval:def:24515
Title: Vulnerability in Java SE 6u71, Java SE 7u51, Java SE 8, JRockit R28.3.1 allows successful unauthenticated network attacks via multiple protocols
Description: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6954
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26420
 
Oval ID: oval:org.mitre.oval:def:26420
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Family: unix Class: vulnerability
Reference(s): CVE-2013-6954
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22363
 
Oval ID: oval:org.mitre.oval:def:22363
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5898
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25365
 
Oval ID: oval:org.mitre.oval:def:25365
Title: SUSE-SU-2014:0266-2 -- Security update for IBM Java 6
Description: IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes. More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0266-2
CVE-2014-0428
CVE-2014-0422
CVE-2013-5907
CVE-2014-0417
CVE-2014-0373
CVE-2014-0423
CVE-2014-0376
CVE-2014-0416
CVE-2014-0368
CVE-2014-0411
CVE-2014-0415
CVE-2014-0410
CVE-2013-5889
CVE-2014-0387
CVE-2014-0424
CVE-2013-5878
CVE-2014-0375
CVE-2014-0403
CVE-2013-5910
CVE-2013-5884
CVE-2013-5896
CVE-2013-5899
CVE-2013-5887
CVE-2013-5888
CVE-2013-5898
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java 6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25245
 
Oval ID: oval:org.mitre.oval:def:25245
Title: SUSE-SU-2014:0266-3 -- Security update for IBM Java 6
Description: IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes. More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0266-3
CVE-2014-0428
CVE-2014-0422
CVE-2013-5907
CVE-2014-0417
CVE-2014-0373
CVE-2014-0423
CVE-2014-0376
CVE-2014-0416
CVE-2014-0368
CVE-2014-0411
CVE-2014-0415
CVE-2014-0410
CVE-2013-5889
CVE-2014-0387
CVE-2014-0424
CVE-2013-5878
CVE-2014-0375
CVE-2014-0403
CVE-2013-5910
CVE-2013-5884
CVE-2013-5896
CVE-2013-5899
CVE-2013-5887
CVE-2013-5888
CVE-2013-5898
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): IBM Java 6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19095
 
Oval ID: oval:org.mitre.oval:def:19095
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5832
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22501
 
Oval ID: oval:org.mitre.oval:def:22501
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5832
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24441
 
Oval ID: oval:org.mitre.oval:def:24441
Title: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0453
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26368
 
Oval ID: oval:org.mitre.oval:def:26368
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0453
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27331
 
Oval ID: oval:org.mitre.oval:def:27331
Title: ELSA-2014-0675 -- java-1.7.0-openjdk security update (critical)
Description: [1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but notused as default (6.6 forward port) - Resolves: rhbz#1099565
Family: unix Class: patch
Reference(s): ELSA-2014-0675
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
Version: 5
Platform(s): Oracle Linux 7
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27029
 
Oval ID: oval:org.mitre.oval:def:27029
Title: ELSA-2014-0685 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.1-6.1.13.3] - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15_apr_2014 - renmoved upstreamed patch7, 1.13_fixes.patch - renmoved upstreamed patch9, 1051245.patch - Resolves: rhbz#1099563
Family: unix Class: patch
Reference(s): ELSA-2014-0685
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
Version: 5
Platform(s): Oracle Linux 7
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19049
 
Oval ID: oval:org.mitre.oval:def:19049
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5784
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22469
 
Oval ID: oval:org.mitre.oval:def:22469
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5784
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18504
 
Oval ID: oval:org.mitre.oval:def:18504
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5809
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22015
 
Oval ID: oval:org.mitre.oval:def:22015
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5809
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19207
 
Oval ID: oval:org.mitre.oval:def:19207
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5802
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22466
 
Oval ID: oval:org.mitre.oval:def:22466
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5802
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21768
 
Oval ID: oval:org.mitre.oval:def:21768
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0375
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19024
 
Oval ID: oval:org.mitre.oval:def:19024
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5817
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21993
 
Oval ID: oval:org.mitre.oval:def:21993
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5817
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24522
 
Oval ID: oval:org.mitre.oval:def:24522
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0461
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25315
 
Oval ID: oval:org.mitre.oval:def:25315
Title: SUSE-SU-2014:0639-1 -- Security update for OpenJDK
Description: This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0639-1
CVE-2014-2412
CVE-2014-2414
CVE-2014-0458
CVE-2014-2427
CVE-2014-2423
CVE-2014-2402
CVE-2014-2398
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0429
CVE-2014-2403
CVE-2014-0446
CVE-2014-0454
CVE-2013-6629
CVE-2014-0455
CVE-2014-2421
CVE-2014-0456
CVE-2014-0460
CVE-2014-0459
CVE-2013-6954
CVE-2014-0457
CVE-2014-2413
CVE-2014-1876
CVE-2014-2397
CVE-2014-0461
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): OpenJDK
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26326
 
Oval ID: oval:org.mitre.oval:def:26326
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0461
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19685
 
Oval ID: oval:org.mitre.oval:def:19685
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2463
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19620
 
Oval ID: oval:org.mitre.oval:def:19620
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2463
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19373
 
Oval ID: oval:org.mitre.oval:def:19373
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2463
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17149
 
Oval ID: oval:org.mitre.oval:def:17149
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2463
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19713
 
Oval ID: oval:org.mitre.oval:def:19713
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2469
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19552
 
Oval ID: oval:org.mitre.oval:def:19552
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2469
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19314
 
Oval ID: oval:org.mitre.oval:def:19314
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2469
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17042
 
Oval ID: oval:org.mitre.oval:def:17042
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2469
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19147
 
Oval ID: oval:org.mitre.oval:def:19147
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5787
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22553
 
Oval ID: oval:org.mitre.oval:def:22553
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5787
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24535
 
Oval ID: oval:org.mitre.oval:def:24535
Title: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0456
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26524
 
Oval ID: oval:org.mitre.oval:def:26524
Title: HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0456
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18983
 
Oval ID: oval:org.mitre.oval:def:18983
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5852
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22522
 
Oval ID: oval:org.mitre.oval:def:22522
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5852
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21488
 
Oval ID: oval:org.mitre.oval:def:21488
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0418
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19703
 
Oval ID: oval:org.mitre.oval:def:19703
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2465
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19455
 
Oval ID: oval:org.mitre.oval:def:19455
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2465
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19074
 
Oval ID: oval:org.mitre.oval:def:19074
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2465
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17106
 
Oval ID: oval:org.mitre.oval:def:17106
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2465
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22304
 
Oval ID: oval:org.mitre.oval:def:22304
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Serviceability)
Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0373
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19591
 
Oval ID: oval:org.mitre.oval:def:19591
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Family: unix Class: vulnerability
Reference(s): CVE-2013-3743
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19453
 
Oval ID: oval:org.mitre.oval:def:19453
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Family: unix Class: vulnerability
Reference(s): CVE-2013-3743
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis: