CVE-2014-3412
https://notcve.org/view.php?id=CVE-2014-3412
Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. Vulnerabilidad no especificada en Juniper Junos Space anterior a 13.3R1.8, cuando el firewall está deshabilitado, permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626 http://www.securityfocus.com/bid/67454 http://www.securitytracker.com/id/1030254 •
CVE-2014-2421 – Oracle Java JPEG Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2421
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JavaFX 2.2.51; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images. The issue lies in the ability to control the count parameter to a call to memmove. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support •
CVE-2014-0453 – OpenJDK: RSA unpadding timing issues (Security, 8027766)
https://notcve.org/view.php?id=CVE-2014-0453
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con la seguridad. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59071 http://secunia.com/advisories/59082 http://secunia.com/adviso •
CVE-2014-0460 – OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
https://notcve.org/view.php?id=CVE-2014-0460
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar a la confidencialidad e integridad mediante vectores relacionados con JNDI. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59058 http://secunia.com/advisories/59071 http://secunia.com/adviso •
CVE-2014-0456 – Oracle Java System.arraycopy() Race Condition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0456
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of System.arraycopy. With the usage of this method, it is possible to disable the security manager and run code as privileged. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www.debian.org/security/2014/dsa-2912 http://www.ora •