CVE-2014-6468
Published: 2014-10-15
Severity: medium | Score: 6.8 | CVSS 3.1
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openjdk-8 | < openjdk-8 8u40~b09-1 (sid) | openjdk-8 8u40~b09-1 (sid) |
| oracle | jdk | — | — |
| oracle | jre | — | — |
GHSA
GHSA-fx6v-47q8-469f (ghsa_unreviewed · 2022-05-13 · MEDIUM)
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Red Hat
OpenJDK: insufficient SharedArchiveFile checks (Hotspot, 8044269)
vendor_redhat · 2014-10-14 · CVSS 6.8 · MEDIUM
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges.
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-sun (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Not affected
Package:
Debian
CVE-2014-6468: openjdk-8
vendor_debian · 2014 · CVSS 6.8 · MEDIUM
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Scope: local
sid: resolved (fixed in 8u40~b09-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6468 OpenJDK: insufficient SharedArchiveFile checks (Hotspot, 8044269)
bugzilla · 2014-10-13 · CVSS 6.8 · MEDIUM
It was discovered that the Hotspot component in OpenJDK failed to properly check the format of a loaded SharedArchiveFile. If a JVM was instructed to load an untrusted SharedArchiveFile, it could cause the JVM to execute arbitrary code.
OpenJDK versions 6 and 7 only load the shared archive that is distributed with the JDK, and its file path is hard-coded in the JVM. OpenJDK 8 allows an alternate shared archive file name to be specified using the -XX:SharedArchiveFile= command line option.
Discussion:
Public now via Oracle Critical Patch Update - October 2014. Fixed in Oracle Java SE 8u25.
External References:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA
---
This issue has been address
Bugzilla
CVE-2013-6468 Drools: Remote Java Code Execution in MVEL
bugzilla · 2014-01-09 · CVSS 6.5 · MEDIUM
A code execution vulnerability has been discovered in Drools. The flaw allows remote authenticated attackers to submit arbitrary Java code in MVEL or Drools expressions; the code would be executed within the security context of the application server.
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.0.1
Via RHSA-2014:0371 https://rhn.redhat.com/errata/RHSA-2014-0371.html
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.0.1
Via RHSA-2014:0372 https://rhn.redhat.com/errata/RHSA-2014-0372.html
References:
http://linux.oracle.com/errata/ELSA-2014-1636
http://rhn.redhat.com/errata/RHSA-2014-1636.html
http://secunia.com/advisories/60416
http://secunia.com/advisories/61609
http://secunia.com/advisories/61928
http://security.gentoo.org/glsa/glsa-201502-12.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21692299
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/bid/70488