CVE-2014-0463: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different…

CVE-2014-0464 [MEDIUM] JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linux 6) - Not

CVE-2014-0463 [MEDIUM] JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linux 6) - Not

CVE-2014-0463 [MEDIUM] Oracle Java SE 8 Scripting information disclosure (Nessus ID 73570 / ID 122007) A vulnerability has been found in Oracle Java SE 8 and classified as problematic. The affected element is an unknown function of the component Scripting Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2014-0463. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

CVE-2014-0464 [MEDIUM] GHSA-p8q4-x73g-2m7x: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.

CVE-2014-0463 [MEDIUM] GHSA-phcj-rpjg-7h8v: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.

CVE-2014-2410 [MEDIUM] Oracle JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) Oracle JDK: unspecified vulnerabilities fixed in 8u5 (JavaFX, Scripting) Oracle Java SE 8u5 fixes an unspecified vulnerability in the JavaFX component (CVE-2014-2410). Upstream has CVSSv2 scored this issue as: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C External Reference: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA Discussion: There are two other issues fixed via Oracle Critical Patch Update Advisory - April 2014 that only affected Oracle Java SE 8 and not previous versions: CVE-2014-0463 Scripting 4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N CVE-2014-0464 Scripting 4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N Oracle Java SE 8 is not currently shipped as part of any Red Hat product.