KLA10001
Multiple vulnerabilities in Oracle Java Runtime Environment & Java Development Kit
Updated: 06/17/2019
Detect date
04/30/2014
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Oracle Java Runtime Environment & Java Development Kit: 5.61, 6.71, 7.51, 8. Malicious users can exploit these vulnerabilities to affect confidentiality, integrity and availability, cause denial of service, obtain sensitive information or overwrite arbitrary files.

Below is a complete list of vulnerabilities:

  1. Vectors related to 2D, Libraries, Hotspot, JavaFX, Deployment, AWT, JAX-WS, JAXB, Security, Sound, JNDI, JAXP, Scripting, Javadoc and other unknown points can be exploited to affect confidentiality, integrity and availability.
  2. Zero-size PLTE chunk or NULL palette, related to pngrtran.c and pngset.c.
  3. Uninitialized memory locations in get_sos in libjpeg (6b) and libjpeg-turbo (through 1.3.0).
  4. Insecure temporary file creation in unpacker::redirect_stdio in unpack200.

Affected products

Oracle Java Runtime Environment & Java Development Kit: 5.61, 6.71, 7.51, 8

Solution

Update to the latest version
Java SE

Original advisories

Oracle

Impacts

OSI
DoS
OAF
LoI

CVE-IDS

CVE-2013-6629    5.0    Critical
CVE-2014-2414    7.5    Critical
CVE-2014-2402    7.5    Critical
CVE-2014-0446    7.5    Critical
CVE-2014-0454    7.5    Critical
CVE-2014-2427    7.5    Critical
CVE-2014-2422    6.8    High
CVE-2014-2409    6.4    High
CVE-2014-0460    5.8    High
CVE-2013-6954    5.0    Critical
CVE-2014-2410    9.3    Critical
CVE-2014-2397    9.3    Critical
CVE-2014-0456    10.0   Critical
CVE-2014-2421    10.0   Critical
CVE-2014-0429    10.0   Critical
CVE-2014-0457    10.0   Critical
CVE-2014-2398    3.5    Warning
CVE-2014-0453    4.0    Warning
CVE-2014-2413    4.3    Warning
CVE-2014-0459    4.3    Warning
CVE-2014-0464    4.3    Warning
CVE-2014-0463    4.3    Warning
CVE-2014-2401    5.0    Critical
CVE-2014-2403    5.0    Critical
CVE-2014-2420    2.6    Warning
CVE-2014-1876    4.4    Warning
CVE-2014-0452    7.5    Critical
CVE-2014-2423    7.5    Critical
CVE-2014-2412    7.5    Critical
CVE-2014-2428    7.6    Critical
CVE-2014-0458    7.5    Critical
CVE-2014-0451    7.5    Critical
CVE-2014-0455    9.3    Critical
CVE-2014-0432    9.3    Critical
CVE-2014-0448    7.6    Critical
CVE-2014-0461    9.3    Critical