CVE-2014-2402: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and…

CVE-2014-2402 [HIGH] Oracle Java SE/Java SE Embedded 7u51/8 Library cross site scripting (Nessus ID 73655 / ID 185086) A vulnerability was found in Oracle Java SE and Java SE Embedded 7u51/8. It has been classified as critical. Impacted is an unknown function of the component Library Handler. The manipulation leads to basic cross site scripting. This vulnerability is documented as CVE-2014-2402. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

CVE-2014-0455 [CRITICAL] GHSA-phr9-8xqw-f8f7: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.

CVE-2014-0432 [CRITICAL] GHSA-gj43-gc6c-4xvw: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.

CVE-2014-2402 [CRITICAL] GHSA-4f69-3vj6-7fww: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.

CVE-2014-0429 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability was discovered in the OpenJDK JRE related to availabi

CVE-2014-0455 [CRITICAL] CVE-2014-0455: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.

CVE-2014-2402 [CRITICAL] CVE-2014-2402: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.

CVE-2014-0429 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A v

CVE-2014-0455 [CRITICAL] OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-openjdk (Red

CVE-2014-2402 [CRITICAL] OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-openjdk (Red Hat Enterpri

CVE-2014-0432 [CRITICAL] JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Libraries) JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Libraries) Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linu

CVE-2014-2402 [HIGH] CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) It was discovered that NIO channels were not properly separated across threads. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Discussion: Fixed now in Oracle Java SE 7u55 and 8u5 via Oracle Critical Patch Update Advisory - April 2014. Fixed in IcedTea7 2.4.7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html External References: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA --- This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0407 https://rhn.redhat.com/errata/RHSA-2014-0407.html --- This issue has been addressed in following produ