CVE-2014-2427: Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity…

CVE-2014-2427 [HIGH] Oracle Java SE/Java SE Embedded 5.0u61/6u71/7u51/8 Sound cross site scripting (Nessus ID 73654 / ID 350405) A vulnerability categorized as critical has been discovered in Oracle Java SE and Java SE Embedded 5.0u61/6u71/7u51/8. This affects an unknown function of the component Sound Handler. Such manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2014-2427. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

CVE-2021-21685 [CRITICAL] CWE-862 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems. SECURITY-2427 / CVE-2021-21685: `FilePath#mkdirs` does not check permission to create parent directories. We expect that most of these vulnerabilities have been present since [SECURITY-144 was addressed in the 2014-10-30 security advisory](https://www.jenkins.io/security/advisory/201

CVE-2014-2427 [HIGH] GHSA-2h4c-7xh4-m37v: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVE-2014-0429 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability was discovered in the OpenJDK JRE related to availabi

CVE-2014-2427 [HIGH] CVE-2014-2427: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVE-2014-0429 [CRITICAL] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462, CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability wa

CVE-2014-0429 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A v

CVE-2014-2427 [HIGH] OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected

CVE-2014-2427 [HIGH] CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) It was discovered that Java Sound provider caching mechanism is insecure. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Discussion: Fixed now in Oracle Java SE 5.0u75, 6u75, 7u55 and 8u5 via Oracle Critical Patch Update Advisory - April 2014. Fixed in IcedTea6 1.13.3 and IcedTea7 2.4.7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027214.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html External References: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA --- This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-20