{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "61609", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61609"}, {"name": "61928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61928"}, {"name": "70488", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70488"}, {"name": "60416", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60416"}, {"name": "RHSA-2014:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-1636"}, {"name": "GLSA-201502-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2014-6468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "61609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61609"}, {"name": "61928", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61928"}, {"name": "70488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70488"}, {"name": "60416", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60416"}, {"name": "RHSA-2014:1636", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-1636", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1636"}, {"name": "GLSA-201502-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:17:23.977Z"}, "title": "CVE Program Container", "references": [{"name": "61609", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61609"}, {"name": "61928", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61928"}, {"name": "70488", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70488"}, {"name": "60416", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60416"}, {"name": "RHSA-2014:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-1636"}, {"name": "GLSA-201502-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2014-6468", "datePublished": "2014-10-15T15:15:00", "dateReserved": "2014-09-17T00:00:00", "dateUpdated": "2024-08-06T12:17:23.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update20:*:*:*:*:*:*", "matchCriteriaId": "1F19BFEB-7202-4156-893E-576486FCCA63", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_20:*:*:*:*:*:*", "matchCriteriaId": "D776872E-A50A-498D-A68B-84DD910ED429", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Oracle Java S3 8u20 permite a usuarios locales afectar a la confidencialidad, la integridad, y la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Hotspot."}], "id": "CVE-2014-6468", "lastModified": "2020-09-08T12:29:40.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-15T15:55:08.337", "references": [{"source": "secalert_us@oracle.com", "url": "http://linux.oracle.com/errata/ELSA-2014-1636"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/60416"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/61609"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/61928"}, {"source": "secalert_us@oracle.com", "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"}, {"source": "secalert_us@oracle.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/70488"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1636", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-0:1.8.0.25-1.b17.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-15T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: insufficient SharedArchiveFile checks (Hotspot, 8044269)", "id": "1152049", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152049"}, "csaw": false, "cvss": {"cvss_base_score": "6.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.", "It was discovered that the Hotspot component in OpenJDK failed to properly handle malformed Shared Archive files. A local attacker able to modify a Shared Archive file used by a virtual machine of a different user could possibly use this flaw to escalate their privileges."], "name": "CVE-2014-6468", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-6468\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6468\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"], "threat_severity": "Low"}