CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality…

CVE-2014-6513 [MEDIUM] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CV

CVE-2014-6457 [MEDIUM] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availabil

CVE-2014-6457 [MEDIUM] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacke

CVE-2014-6506 [MEDIUM] OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6506 [MEDIUM] CVE-2014-6506: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Ja... Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Scope: local sid: resolved (fixed in 8u40~b09-1)

CVE-2014-6506 [MEDIUM] GHSA-4mgp-qq86-9gj5: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6457 [MEDIUM] openjdk-7 vulnerabilities openjdk-7 vulnerabilities A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service

CVE-2014-6506 [MEDIUM] CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVE-2014-6506 [MEDIUM] CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) It was discovered that the Libraries component in OpenJDK failed to properly check permission of the code when setting resource bundles on the Logger class instances. An untrusted Java application or applet could possibly use this flaw to set resource bundle on system logger instance, making it possible to see or manipulate logs of privileged code, and hence bypass certain Java sandbox restrictions. Discussion: Public now via Oracle Critical Patch Update - October 2014. Fixed in Oracle Java SE 5.0u75, 6u85, 7u71, and 8u25. External References: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA --- This issue has been addressed i