Total
745 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0424 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418. | |||||
| CVE-2014-0423 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2024-11-21 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. | |||||
| CVE-2014-0422 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. | |||||
| CVE-2014-0418 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424. | |||||
| CVE-2014-0417 | 1 Oracle | 3 Javafx, Jdk, Jre | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | |||||
| CVE-2014-0416 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. | |||||
| CVE-2014-0415 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424. | |||||
| CVE-2014-0411 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2024-11-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. | |||||
| CVE-2014-0410 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. | |||||
| CVE-2014-0408 | 2 Apple, Oracle | 2 Mac Os X, Jre | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||
| CVE-2014-0403 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375. | |||||
| CVE-2014-0387 | 2 Mozilla, Oracle | 3 Firefox, Jdk, Jre | 2024-11-21 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-0385 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | |||||
| CVE-2014-0382 | 3 Hp, Oracle, Redhat | 11 Hp-ux, Jdk, Jre and 8 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. | |||||
| CVE-2014-0376 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." | |||||
| CVE-2014-0375 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403. | |||||
| CVE-2014-0373 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. | |||||
| CVE-2014-0368 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. | |||||
| CVE-2013-5910 | 1 Oracle | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. | |||||
| CVE-2013-5907 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. | |||||