[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Jan 28 05:20:14 PST 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 346 Published: Mon, 27 Jan 2014 22:23:00 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Install)
Severity: Medium
Fixlet ID: 2138401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21384.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5905
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Install). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2141801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21418.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5904
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability
Severity: Low
Fixlet ID: 2143801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21438.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0405
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
***************************************************************
Title: Word Memory Corruption Vulnerability (CVE-2014-0260) - MS14-001
Severity: High
Fixlet ID: 2144301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21443.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2148801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21488.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0418
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: High
Fixlet ID: 2165301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21653.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0424
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2176801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21768.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0375
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
***************************************************************
Title: Win32k window handle vulnerability in Microsoft Windows (CVE-2014-0262) - MS14-003
Severity: High
Fixlet ID: 2177901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21779.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0262
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability
Severity: Low
Fixlet ID: 2188301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21883.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
***************************************************************
Title: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX)
Severity: Medium
Fixlet ID: 2196201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21962.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5870
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE 7u45 and JavaFX 2.2.45. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JavaFX accessible data as well as read access to a subset of Java SE, JavaFX accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2197701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21977.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5888
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Beans)
Severity: Medium
Fixlet ID: 2197901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21979.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0423
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Beans). Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JRockit, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded.
***************************************************************
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Severity: High
Fixlet ID: 2198901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval21989.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0410
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JavaFX 2.2.45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: 2D)
Severity: High
Fixlet ID: 2203401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JavaFX 2.2.45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: 2D). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2206601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22066.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5899
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.
***************************************************************
Title: Vulnerability in Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Libraries)
Severity: High
Fixlet ID: 2207301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22073.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5893
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Libraries). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JSSE)
Severity: Medium
Fixlet ID: 2209601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22096.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0411
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JSSE). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible data.
***************************************************************
Title: Vulnerability in Java SE 6u65, Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: High
Fixlet ID: 2210601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22106.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX)
Severity: Medium
Fixlet ID: 2211801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22118.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0382
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JavaFX.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: 2D)
Severity: High
Fixlet ID: 2217001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22170.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5907
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: 2D). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Severity: High
Fixlet ID: 2219201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22192.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0415
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Install)
Severity: Medium
Fixlet ID: 2220001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22200.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5906
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Install). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAAS)
Severity: Medium
Fixlet ID: 2221401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22214.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0416
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAAS). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA)
Severity: Medium
Fixlet ID: 2222701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5884
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
***************************************************************
Title: Word Memory Corruption Vulnerability (CVE-2014-0258) - MS14-001
Severity: High
Fixlet ID: 2223101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22231.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0258
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA)
Severity: High
Fixlet ID: 2223301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22233.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0428
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security)
Severity: High
Fixlet ID: 2224501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22245.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5878
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data as well as read access to a subset of Java SE, Java SE Embedded accessible data and ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
***************************************************************
Title: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security)
Severity: Medium
Fixlet ID: 2225801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22258.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5910
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAXP)
Severity: Medium
Fixlet ID: 2227001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22270.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAXP). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE, Java SE Embedded accessible data.
***************************************************************
Title: Kernel NDProxy Vulnerability (CVE-2013-5065) - MS14-002
Severity: High
Fixlet ID: 2228801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22288.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Networking)
Severity: Medium
Fixlet ID: 2228901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22289.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0368
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Networking). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Serviceability)
Severity: High
Fixlet ID: 2230401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22304.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0373
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Serviceability). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Word Memory Corruption Vulnerability (CVE-2014-0259) - MS14-001
Severity: High
Fixlet ID: 2231501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22315.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0259
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
***************************************************************
Title: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX)
Severity: Medium
Fixlet ID: 2231701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22317.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5895
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java SE, JavaFX accessible data.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2233001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22330.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0403
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2234901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22349.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5902
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data and ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2236301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22363.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5898
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Very difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA)
Severity: Medium
Fixlet ID: 2237201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22372.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5896
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.
***************************************************************
Title: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Severity: Medium
Fixlet ID: 2237701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22377.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5887
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment). Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.
***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406
Severity: Low
Fixlet ID: 2239101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22391.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.
***************************************************************
Title: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JNDI)
Severity: High
Fixlet ID: 2240201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22402.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0422
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
***************************************************************
Title: Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404
Severity: Low
Fixlet ID: 2243401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval22434.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0406
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.
More information about the WinVulns-Announcements
mailing list