CVE-2014-6532
published 2014-10-15CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openjdk-8 | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| zendframework | zendframework1 | >= 0 < 1.12.4 | 1.12.4 |
| zendframework | zendopenid | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendrest | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendservice-amazon | >= 0 < 2.0.3 | 2.0.3 |
| zendframework | zendservice-api | >= 0 < 1.0.0 | 1.0.0 |
| zendframework | zendservice-audioscrobbler | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendservice-nirvanix | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendservice-slideshare | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendservice-technorati | >= 0 < 2.0.2 | 2.0.2 |
| zendframework | zendservice-windowsazure | >= 0 < 2.0.2 | 2.0.2 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa5.0MEDIUM
GHSA
Several Zend Products Vulnerable to XXE and XEE attacks
ghsa·2022-05-14·CVSS 5.0
CVE-2014-2683 [MEDIUM] CWE-611 Several Zend Products Vulnerable to XXE and XEE attacks
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.
GHSA
GHSA-jvx7-35cg-w97r: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-4288 [HIGH] GHSA-jvx7-35cg-w97r: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
GHSA
GHSA-x9c3-pfjg-6f43: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6493 [HIGH] GHSA-x9c3-pfjg-6f43: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
GHSA
GHSA-wqrv-8v5g-pgqj: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6503 [HIGH] GHSA-wqrv-8v5g-pgqj: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
GHSA
GHSA-9x5w-fgxg-c345: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6532 [HIGH] GHSA-9x5w-fgxg-c345: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6532 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6493 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-4288 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6503 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Debian
CVE-2014-6532: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6532 [HIGH] CVE-2014-6532: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Scope: local
sid: resolved
Debian
CVE-2014-6493: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6493 [HIGH] CVE-2014-6493: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Scope: local
sid: resolved
Debian
CVE-2014-6503: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6503 [HIGH] CVE-2014-6503: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Scope: local
sid: resolved
Debian
CVE-2014-4288: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-4288 [HIGH] CVE-2014-4288: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Scope: local
sid: resolved
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1657.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1658.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1876.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1877.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1880.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1882.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0264.htmlhttp://secunia.com/advisories/61163http://secunia.com/advisories/61164http://secunia.com/advisories/61609http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21688283http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/bid/70507http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1657.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1658.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1876.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1877.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1880.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1882.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0264.htmlhttp://secunia.com/advisories/61163http://secunia.com/advisories/61164http://secunia.com/advisories/61609http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21688283http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/bid/70507
2014-10-15
Published