Description
Security update for IBM Java 6
IBM Java 6 SR15 has been released and fixes lots of bugs and security issues.
More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/
Security Issue references:
Package list
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
SUSE Manager 1.7
References
- Link for SUSE-SU-2015:1086-1
- E-Mail link for SUSE-SU-2015:1086-1
- SUSE Security Ratings
- SUSE Bug 592934
- SUSE Bug 666744
- SUSE Bug 771808
- SUSE Bug 773021
- SUSE Bug 778629
- SUSE Bug 785631
- SUSE Bug 788750
- SUSE Bug 798535
- SUSE Bug 808625
- SUSE Bug 813939
- SUSE Bug 817062
- SUSE Bug 819288
- SUSE Bug 823034
- SUSE Bug 829212
- SUSE Bug 849212
- SUSE Bug 862064
- SUSE Bug 877430
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
Affected products
References
- CVE-2012-0551
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2012-1531
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2012-1532
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
Affected products
References
- CVE-2012-1533
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Affected products
References
- CVE-2012-1541
- SUSE Bug 798535
- SUSE Bug 806786
- SUSE Bug 818972
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2012-1713
- SUSE Bug 766802
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Affected products
References
- CVE-2012-1716
- SUSE Bug 766802
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Affected products
References
- CVE-2012-1717
- SUSE Bug 766802
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Affected products
References
- CVE-2012-1718
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Affected products
References
- CVE-2012-1719
- SUSE Bug 766802
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.
Affected products
References
- CVE-2012-1721
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721.
Affected products
References
- CVE-2012-1722
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Affected products
References
- CVE-2012-1725
- SUSE Bug 766802
- SUSE Bug 778629
- SUSE Bug 780897
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.
Affected products
References
- CVE-2012-3143
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533.
Affected products
References
- CVE-2012-3159
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Affected products
References
- CVE-2012-3213
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Affected products
References
- CVE-2012-3216
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Affected products
References
- CVE-2012-3342
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2012-5068
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
Affected products
References
- CVE-2012-5069
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
Affected products
References
- CVE-2012-5071
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
Affected products
References
- CVE-2012-5072
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.
Affected products
References
- CVE-2012-5073
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
Affected products
References
- CVE-2012-5075
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073.
Affected products
References
- CVE-2012-5079
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
Affected products
References
- CVE-2012-5081
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2012-5083
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Affected products
References
- CVE-2012-5084
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.
Affected products
References
- CVE-2012-5089
- SUSE Bug 785429
- SUSE Bug 785433
- SUSE Bug 785814
- SUSE Bug 788750
Description
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Affected products
References
- CVE-2013-0169
- SUSE Bug 1070148
- SUSE Bug 1103036
- SUSE Bug 1103597
- SUSE Bug 802184
- SUSE Bug 802648
- SUSE Bug 802746
- SUSE Bug 803379
- SUSE Bug 804654
- SUSE Bug 809839
- SUSE Bug 813366
- SUSE Bug 813939
- SUSE Bug 821818
- SUSE Bug 905106
- SUSE Bug 977584
- SUSE Bug 977616
- SUSE Bug 984977
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Affected products
References
- CVE-2013-0351
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Affected products
References
- CVE-2013-0401
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Affected products
References
- CVE-2013-0409
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Affected products
References
- CVE-2013-0419
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Affected products
References
- CVE-2013-0423
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Affected products
References
- CVE-2013-0424
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Affected products
References
- CVE-2013-0425
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Affected products
References
- CVE-2013-0426
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Affected products
References
- CVE-2013-0427
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Affected products
References
- CVE-2013-0428
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."
Affected products
References
- CVE-2013-0432
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Affected products
References
- CVE-2013-0433
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Affected products
References
- CVE-2013-0434
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Affected products
References
- CVE-2013-0435
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-0438
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Affected products
References
- CVE-2013-0440
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Affected products
References
- CVE-2013-0441
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Affected products
References
- CVE-2013-0442
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Affected products
References
- CVE-2013-0443
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Affected products
References
- CVE-2013-0445
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Affected products
References
- CVE-2013-0446
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Affected products
References
- CVE-2013-0450
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.
Affected products
References
- CVE-2013-0485
- SUSE Bug 813939
Description
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
Affected products
References
- CVE-2013-0809
- SUSE Bug 806786
- SUSE Bug 807487
- SUSE Bug 809386
- SUSE Bug 813939
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-1473
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Affected products
References
- CVE-2013-1476
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Affected products
References
- CVE-2013-1478
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Affected products
References
- CVE-2013-1480
- SUSE Bug 798535
- SUSE Bug 801972
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Affected products
References
- CVE-2013-1481
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 806786
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Affected products
References
- CVE-2013-1486
- SUSE Bug 798535
- SUSE Bug 803379
- SUSE Bug 804654
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-1487
- SUSE Bug 798535
Description
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Affected products
References
- CVE-2013-1491
- SUSE Bug 819288
Description
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Affected products
References
- CVE-2013-1493
- SUSE Bug 806786
- SUSE Bug 807487
- SUSE Bug 809386
- SUSE Bug 813939
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Affected products
References
- CVE-2013-1500
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
Affected products
References
- CVE-2013-1537
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.
Affected products
References
- CVE-2013-1540
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
Affected products
References
- CVE-2013-1557
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
Affected products
References
- CVE-2013-1563
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Affected products
References
- CVE-2013-1569
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Affected products
References
- CVE-2013-1571
- SUSE Bug 824397
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Affected products
References
- CVE-2013-2383
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Affected products
References
- CVE-2013-2384
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
Affected products
References
- CVE-2013-2394
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Affected products
References
- CVE-2013-2407
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
Affected products
References
- CVE-2013-2412
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
Affected products
References
- CVE-2013-2417
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-2418
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Affected products
References
- CVE-2013-2419
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Affected products
References
- CVE-2013-2420
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.
Affected products
References
- CVE-2013-2422
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Affected products
References
- CVE-2013-2424
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.
Affected products
References
- CVE-2013-2429
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.
Affected products
References
- CVE-2013-2430
- SUSE Bug 816720
- SUSE Bug 817157
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Affected products
References
- CVE-2013-2432
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Affected products
References
- CVE-2013-2433
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.
Affected products
References
- CVE-2013-2435
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-2437
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
Affected products
References
- CVE-2013-2440
- SUSE Bug 819288
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
Affected products
References
- CVE-2013-2442
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
Affected products
References
- CVE-2013-2443
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
Affected products
References
- CVE-2013-2444
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
Affected products
References
- CVE-2013-2446
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Affected products
References
- CVE-2013-2447
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Affected products
References
- CVE-2013-2448
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
Affected products
References
- CVE-2013-2450
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Affected products
References
- CVE-2013-2451
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
Affected products
References
- CVE-2013-2452
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
Affected products
References
- CVE-2013-2453
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Affected products
References
- CVE-2013-2454
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
Affected products
References
- CVE-2013-2455
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Affected products
References
- CVE-2013-2456
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
Affected products
References
- CVE-2013-2457
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
Affected products
References
- CVE-2013-2459
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
Affected products
References
- CVE-2013-2463
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
Affected products
References
- CVE-2013-2464
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Affected products
References
- CVE-2013-2465
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
Affected products
References
- CVE-2013-2466
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Affected products
References
- CVE-2013-2468
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
Affected products
References
- CVE-2013-2469
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Affected products
References
- CVE-2013-2470
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
Affected products
References
- CVE-2013-2471
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
Affected products
References
- CVE-2013-2472
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Affected products
References
- CVE-2013-2473
- SUSE Bug 825624
- SUSE Bug 828665
- SUSE Bug 829212
- SUSE Bug 829708
Description
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
Affected products
References
- CVE-2013-3009
- SUSE Bug 829212
- SUSE Bug 977650
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012.
Affected products
References
- CVE-2013-3011
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011.
Affected products
References
- CVE-2013-3012
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
Affected products
References
- CVE-2013-3743
- SUSE Bug 825624
- SUSE Bug 829212
Description
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-3829
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
Affected products
References
- CVE-2013-4002
- SUSE Bug 829212
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.
Affected products
References
- CVE-2013-4041
- SUSE Bug 849212
Description
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
Affected products
References
- CVE-2013-5372
- SUSE Bug 849212
Description
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.
Affected products
References
- CVE-2013-5375
- SUSE Bug 849212
Description
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
Affected products
References
- CVE-2013-5456
- SUSE Bug 849212
- SUSE Bug 977646
- SUSE Bug 981057
- SUSE Bug 981060
- SUSE Bug 981087
Description
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected products
References
- CVE-2013-5457
- SUSE Bug 849212
Description
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected products
References
- CVE-2013-5458
- SUSE Bug 849212
Description
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
Affected products
References
- CVE-2013-5772
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-5774
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5776
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Affected products
References
- CVE-2013-5778
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-5780
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2013-5782
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Affected products
References
- CVE-2013-5783
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Affected products
References
- CVE-2013-5784
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
Affected products
References
- CVE-2013-5787
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5788
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
Affected products
References
- CVE-2013-5789
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Affected products
References
- CVE-2013-5790
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Affected products
References
- CVE-2013-5797
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
Affected products
References
- CVE-2013-5800
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Affected products
References
- CVE-2013-5801
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Affected products
References
- CVE-2013-5802
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Affected products
References
- CVE-2013-5803
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Affected products
References
- CVE-2013-5804
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.
Affected products
References
- CVE-2013-5809
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5812
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Affected products
References
- CVE-2013-5814
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Affected products
References
- CVE-2013-5817
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831.
Affected products
References
- CVE-2013-5818
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.
Affected products
References
- CVE-2013-5819
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
Affected products
References
- CVE-2013-5820
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Affected products
References
- CVE-2013-5823
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.
Affected products
References
- CVE-2013-5824
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Affected products
References
- CVE-2013-5825
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.
Affected products
References
- CVE-2013-5829
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-5830
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.
Affected products
References
- CVE-2013-5831
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.
Affected products
References
- CVE-2013-5832
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-5838
- SUSE Bug 846177
- SUSE Bug 849212
- SUSE Bug 972468
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Affected products
References
- CVE-2013-5840
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
Affected products
References
- CVE-2013-5842
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2013-5843
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5848
- SUSE Bug 846177
- SUSE Bug 849212
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Affected products
References
- CVE-2013-5849
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.
Affected products
References
- CVE-2013-5850
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Affected products
References
- CVE-2013-5851
- SUSE Bug 846177
- SUSE Bug 846999
- SUSE Bug 849212
- SUSE Bug 852367
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
Affected products
References
- CVE-2013-5878
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories.
Affected products
References
- CVE-2013-5884
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5887
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5888
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Affected products
References
- CVE-2013-5889
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list.
Affected products
References
- CVE-2013-5896
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.
Affected products
References
- CVE-2013-5898
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Affected products
References
- CVE-2013-5899
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file.
Affected products
References
- CVE-2013-5907
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays.
Affected products
References
- CVE-2013-5910
- SUSE Bug 858818
- SUSE Bug 862064
Description
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Affected products
References
- CVE-2013-6629
- SUSE Bug 850430
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
- SUSE Bug 880246
Description
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Affected products
References
- CVE-2013-6954
- SUSE Bug 856522
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox.
Affected products
References
- CVE-2014-0368
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.
Affected products
References
- CVE-2014-0373
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
Affected products
References
- CVE-2014-0375
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."
Affected products
References
- CVE-2014-0376
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2014-0387
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.
Affected products
References
- CVE-2014-0403
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Affected products
References
- CVE-2014-0410
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
Affected products
References
- CVE-2014-0411
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.
Affected products
References
- CVE-2014-0415
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Affected products
References
- CVE-2014-0416
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2014-0417
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox.
Affected products
References
- CVE-2014-0422
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.
Affected products
References
- CVE-2014-0423
- SUSE Bug 858818
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418.
Affected products
References
- CVE-2014-0424
- SUSE Bug 862064
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Affected products
References
- CVE-2014-0428
- SUSE Bug 858818
- SUSE Bug 862064
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2014-0429
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2014-0446
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Affected products
References
- CVE-2014-0449
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
Affected products
References
- CVE-2014-0451
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Affected products
References
- CVE-2014-0452
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Affected products
References
- CVE-2014-0453
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2014-0457
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Affected products
References
- CVE-2014-0458
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Affected products
References
- CVE-2014-0459
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
Affected products
References
- CVE-2014-0460
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected products
References
- CVE-2014-0461
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
Affected products
References
- CVE-2014-0878
- SUSE Bug 877429
- SUSE Bug 877430
Description
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Affected products
References
- CVE-2014-1876
- SUSE Bug 863305
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Affected products
References
- CVE-2014-2398
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Affected products
References
- CVE-2014-2401
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Affected products
References
- CVE-2014-2409
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
Affected products
References
- CVE-2014-2412
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
Affected products
References
- CVE-2014-2414
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected products
References
- CVE-2014-2420
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2014-2421
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Affected products
References
- CVE-2014-2423
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Affected products
References
- CVE-2014-2427
- SUSE Bug 873872
- SUSE Bug 873873
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2014-2428
- SUSE Bug 877429
- SUSE Bug 877430
Description
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
Affected products
References
- CVE-2014-8891
- SUSE Bug 916266
Description
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.
Affected products
References
- CVE-2014-8892
- SUSE Bug 916265
Description
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Affected products
References
- CVE-2015-0138
- SUSE Bug 952088
Description
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
Affected products
References
- CVE-2015-0192
- SUSE Bug 952088
Description
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Affected products
References
- CVE-2015-0204
- SUSE Bug 912014
- SUSE Bug 920482
- SUSE Bug 920484
- SUSE Bug 927591
- SUSE Bug 927623
- SUSE Bug 936787
- SUSE Bug 952088
Description
Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Affected products
References
- CVE-2015-0458
- SUSE Bug 927591
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
Affected products
References
- CVE-2015-0459
- SUSE Bug 927591
- SUSE Bug 932310
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Affected products
References
- CVE-2015-0469
- SUSE Bug 927591
- SUSE Bug 932310
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
Affected products
References
- CVE-2015-0477
- SUSE Bug 927591
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
Affected products
References
- CVE-2015-0478
- SUSE Bug 927591
- SUSE Bug 944456
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
Affected products
References
- CVE-2015-0480
- SUSE Bug 927591
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
Affected products
References
- CVE-2015-0488
- SUSE Bug 927591
Description
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
Affected products
References
- CVE-2015-0491
- SUSE Bug 927591
- SUSE Bug 932310
Description
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
Affected products
References
- CVE-2015-1914
- SUSE Bug 952088
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Affected products
References
- CVE-2015-2808
- SUSE Bug 925378
- SUSE Bug 938248
- SUSE Bug 938895
- SUSE Bug 952088