CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVE-2014-6513 [MEDIUM] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CV

CVE-2014-6457 [MEDIUM] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availabil

CVE-2014-6457 [MEDIUM] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacke

CVE-2014-6511 [MEDIUM] ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Package: icu (Red Hat Enterprise Linux 5) - Will not fix Package: icu (Red Hat Enterprise Linux 6) - Will not fix Package: icu (Red Hat Enterprise Linux 7) - Will not fix

CVE-2014-6511 [MEDIUM] CVE-2014-6511: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows ... Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Scope: local sid: resolved (fixed in 8u40~b09-1)

CVE-2014-6511 [MEDIUM] GHSA-vv94-8r3c-gfw5: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVE-2014-6457 [MEDIUM] openjdk-7 vulnerabilities openjdk-7 vulnerabilities A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6457) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527, CVE-2014-6558) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517, CVE-2014-6531) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service

CVE-2014-6511 [MEDIUM] CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVE-2014-6511 [MEDIUM] CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) An insufficient array boundary check flaw was discovered in the ICU library Layout Engine component, used as part of the 2D component in OpenJDK. A specially-crafted font file could trigger an out of bounds read, which could lead to information disclosure or application crash. A malicious Java application or applet could use this flaw to bypass certain Java sandbox restrictions. Discussion: Public now via Oracle Critical Patch Update - October 2014. Fixed in Oracle Java SE 5.0u75, 6u85, 7u71, and 8u25. External References: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA --- This issue has been addressed in the following products: Red Hat Enterpris