CVE-2014-0449 – JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
https://notcve.org/view.php?id=CVE-2014-0449
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a los atacantes remotos afectar a la confidencialidad a través de vectores desconocidos relacionados con la implementación. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66907 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/errata/RHSA-2014:0414 https://access.redhat.com/security/cve/CVE-2014-0449 •
CVE-2014-0429 – OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
https://notcve.org/view.php?id=CVE-2014-0429
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?u •
CVE-2014-0448 – JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment)
https://notcve.org/view.php?id=CVE-2014-0448
Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66904 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/security/cve/CVE-2014-0448 https://bugzilla.redhat.com/show_bug.cgi?id=1088024 •
CVE-2014-0417 – JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)
https://notcve.org/view.php?id=CVE-2014-0417
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5u55, 6u65 y 7u45, Java FX 2.2.45 y Java SE Embedded 7u45 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con 2D. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://marc.info/?l=bugtraq&m=139402749111889&w=2 http://osvdb.org/102001 http://rhn.redhat.com/errata/RHSA-2014-0030.html http://rhn.redhat.com/errata/RHSA-2014-0134.html http://rhn.redhat.com/errata •
CVE-2014-0422 – OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)
https://notcve.org/view.php?id=CVE-2014-0422
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 and 7u45 y Java SE Embedded 7u45 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JNDI. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://marc.info/?l •