JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment...

OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402...

OpenJDK: JPEG decoder input stream handling (2D, 8029854)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

April 2014 Oracle Critical Patch Update

Software maker and database management company Oracle yesterday released its quarterly Critical Patch Update. The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible. Product...

OpenJDK: RSA unpadding timing issues (Security, 8027766)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...

Oracle releases Critical Update to Patch 104 Vulnerabilities

It’s time to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it referred to as "Critical Patch Updates" CPU. Yesterday, Oracle released...

CVE-2014-2413

CVE-2014-2413 affects Oracle Java SE 7u51, 8 and Java SE Embedded 7u51. The connected document describes an unspecified vulnerability with integrity impact, exploitable remotely, via unknown vectors related to Libraries. The exact root cause, exploit details, affected subcomponents, impact scope,...

CVE-2014-2423

CVE-2014-2423 is an unspecified vulnerability in the JAX-WS component affecting Oracle Java SE (6u71, 7u51, 8, and Embedded 7u51) with partial confidentiality, integrity, and availability impacts. Public IBM-related documentation maps this and related Java CPU entries to IBM SDK/JAVA packages, e....

CVE-2014-2421

CVE-2014-2421 is an unspecified vulnerability in the 2D component of Oracle Java SE (and related IBM SDK for Java builds) with a base impact of complete confidentiality, integrity, and availability. Connected IBM advisories confirm this CVE appears in multiple IBM products that bundle IBM SDK for...

CVE-2014-2428

CVE-2014-2428 is documented in IBM’s Java vulnerability bulletin as an unspecified vulnerability in the Deployment component affecting IBM SDK/JAVA platforms (IBM SDK Java Technology Edition versions up to specific service refreshes/fix packs). The entry states complete confidentiality, integrity...

CVE-2014-2409

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment...

Buffer overflow

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

CVE-2014-0451

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412...

CVE-2014-0454

CVE-2014-0454 (Oracle Java 7u45-/6u65-, etc.) is addressed in IBM advisories for IBM SDK/Java included with IBM products. Connected IBM bulletins enumerate multiple CVEs from the Oracle April 2014 CPU (CVE-2014-0457, -2421, -0429, -0461, -0455, -2428, -0448, -0454, -0446, -0452, -0451, -2402, -24...

CVE-2014-0456

CVE-2014-0456 is an unspecified remote vulnerability in Oracle Java SE (versions 6u71, 7u51, 8, and Java SE Embedded 7u51) and related Hotspot components. The issue enables confidentiality, integrity, and availability impact via unknown vectors and is documented across multiple advisories (e.g., ...

CVE-2014-2397

CVE-2014-2397 is an unspecified vulnerability affecting Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51. The linked MiracleLinux advisories enumerate CVE-2014-2397 among OpenJDK/Java vulnerabilities, explicitly noting impact to confidentiality, integrity, and availability via unknown vectors...

CVE-2014-2403

CVE-2014-2403 affects Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51. It is described as an unspecified vulnerability with confidentiality impact via vectors related to JAXP. Connected documents (MiracleLinux AXSA advisories) list CVE-2014-2403 among affected OpenJDK/Oracle Java comp...

CVE-2014-0452

CVE-2014-0452 is an Oracle Java SE vulnerability affecting Java 6u71, 7u51, 8 and Java SE Embedded 7u51, with the issue related to the JAX-WS component. The vulnerability is described as unspecified with partial confidentiality, integrity, and availability impact (C/P, I/P, A/P). Exploitation vec...

CVE-2014-2398

CVE-2014-2398 concerns an unspecified Javadoc-related vulnerability in Oracle Java SE (affecting 5.0u61, 6u71, 7u51, 8; JavaFX 2.2.51; JRockit R27.8.1/R28.3.1) with no confidentiality impact, partial integrity impact, and no availability impact (CVSS 3.5). IBM security bulletins note impact acros...