488210 – (CVE-2013-3829) <dev-java/oracle-{jdk,jre}-bin-1.7.0.45 - Multiple vulnerabilities.

Bug 488210 (CVE-2013-3829) - <dev-java/oracle-{jdk,jre}-bin-1.7.0.45 - Multiple vulnerabilities.

Summary: <dev-java/oracle-{jdk,jre}-bin-1.7.0.45 - Multiple vulnerabilities.

Status:	RESOLVED FIXED

Alias:	CVE-2013-3829

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/55315/
Whiteboard:	A2 [glsa]
Keywords:

Depends on:	java15removal 483018
Blocks:
	Show dependency tree

Reported:	2013-10-16 11:00 UTC by Agostino Sarubbo
Modified:	2014-01-27 01:28 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-10-16 11:00:31 UTC

From ${URL} :

Description

Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) An unspecified error within the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.

2) An unspecified error within the Libraries component of the client and server deployment can be exploited to potentially execute arbitrary code.

3) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

4) Another unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

5) An unspecified error within the CORBA component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

6) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

7) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

8) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

9) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

10) An unspecified error within the JNDI component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

11) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

12) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

13) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

14) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

15) Another unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

16) An unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

17) Another unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

18) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

19) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

20) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

21) Another unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to potentially execute arbitrary code.

22) An unspecified error within the Deployment component of the client deployment installation process can be exploited to potentially execute arbitrary code.

23) An unspecified error within the JAXP component of the client and server deployment can be exploited to update, insert, or delete some Java accessible data and cause a partial DoS.

24) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data and cause a partial DoS.

25) An unspecified error within the Javadoc component in the context of sites running the Javadoc tool as a service and hosting the resulting documentation can be exploited read, update, insert, or delete some Java accessible data.

26) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of some Java accessible data and cause a partial DoS.

27) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read, update, insert, or delete some Java accessible data.

28) An unspecified error within the Swing component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read, update, insert, or delete some Java accessible data.

29) An unspecified error within the JAXP component of the client and server deployment can be exploited to cause a partial DoS.

30) Another unspecified error within the JAXP component of the client and server deployment can be exploited to cause a partial DoS.

31) An unspecified error within the Security component of the client and server deployment can be exploited to cause a partial DoS.

32) An unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

33) Another unspecified error within the 2D component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

34) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

35) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

36) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

37) Another unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

38) An unspecified error within the JAX-WS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

39) An unspecified error within the JAXP component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

40) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

41) An unspecified error within the Libraries component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

42) An unspecified error within the Deployment component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

43) An unspecified error within the Libraries component of the client and server deployment can be exploited to read a subset of Java accessible data.

44) An unspecified error within the JGSS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

45) An unspecified error within the AWT component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

46) An unspecified error within the BEANS component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read a subset of Java accessible data.

47) An unspecified error within the SCRIPTING component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to update, insert, or delete some Java accessible data.

48) An unspecified error within the Javadoc component in the context of sites running the Javadoc tool as a service and hosting the resulting documentation can be exploited by authenticated users to update, insert, or delete some Java accessible data.

49) An unspecified error within the jhat component of the jhat developer tool can be exploited to update, insert, or delete some Java accessible data.

50) An unspecified error within the JGSS component of the client and server deployment can be exploited to cause a partial DoS.

51) An unspecified error within the JavaFX component of the client deployment can be exploited via untrusted Java Web Start applications and untrusted Java applets to read access a subset of Java accessible data.

The vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 40 and prior
* JDK and JRE 6 Update 60 and prior
* JDK and JRE 5 Update 51 and prior


Solution:
Apply updates.

Further details available to Secunia VIM customers

Provided and/or discovered by:
It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2013 only provides a bundled list of credits. This section will be updated when/if the original reporters provide more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixJAVA
http://www.oracle.com/technetwork/topics/security/cpuoct2013verbose-1899842.html#JAVA

Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-10-16 11:35:09 UTC

Please stabilize =dev-java/oracle-{jdk,jre}-bin-1.7.0.45.

Target keywords: amd64 x86

Please ignore the "Depends on" field for this stabilization.

Comment 2 Agostino Sarubbo gentoo-dev

2013-10-20 08:03:14 UTC

amd64 and x86 stable. Old removed.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2013-10-23 23:58:18 UTC

CVE-2013-5854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854):
  Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier and
  JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality
  via unknown vectors.

CVE-2013-5852 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2013-5851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE
  Embedded 7u40 and earlier allows remote attackers to affect confidentiality
  via vectors related to JAXP.

CVE-2013-5850 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Libraries.

CVE-2013-5849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality via vectors
  related to AWT.

CVE-2013-5848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Deployment.

CVE-2013-5846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX
  2.2.40 and earlier, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to JavaFX.

CVE-2013-5844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX
  2.2.40 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to JavaFX.

CVE-2013-5843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java
  SE Embedded 7u40 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  2D.

CVE-2013-5842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Libraries.

CVE-2013-5840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality via unknown
  vectors related to Libraries.

CVE-2013-5838 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838):
  Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE
  Embedded 7u25 and earlier, allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries.

CVE-2013-5832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2013-5831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect integrity via unknown vectors related to Deployment.

CVE-2013-5830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Libraries.

CVE-2013-5829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to 2D.

CVE-2013-5825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect availability via vectors related to JAXP.

CVE-2013-5824 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2013-5823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and
  Java SE Embedded 7u40 and earlier allows remote attackers to affect
  availability via unknown vectors related to Security.

CVE-2013-5820 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect integrity via vectors related to JAX-WS.

CVE-2013-5819 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect integrity via unknown vectors related to Deployment.

CVE-2013-5818 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect integrity via unknown vectors related to Deployment.

CVE-2013-5817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to JNDI.

CVE-2013-5814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via vectors related to CORBA.

CVE-2013-5812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality and availability via unknown vectors related to
  Deployment.

CVE-2013-5810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX
  2.2.40 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors.

CVE-2013-5809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to 2D.

CVE-2013-5806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE
  Embedded 7u40 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Swing.

CVE-2013-5805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE
  Embedded 7u40 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Swing.

CVE-2013-5804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and
  JRockit R27.7.6 and earlier allows remote attackers to affect
  confidentiality and integrity via unknown vectors related to Javadoc.

CVE-2013-5803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect availability via vectors related to JGSS.

CVE-2013-5802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  vectors related to JAXP.

CVE-2013-5801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality via unknown
  vectors related to 2D.

CVE-2013-5800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE
  Embedded 7u40 and earlier allows remote attackers to affect confidentiality
  via vectors related to JGSS.

CVE-2013-5797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote
  authenticated users to affect integrity via unknown vectors related to
  Javadoc.

CVE-2013-5790 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality via vectors
  related to BEANS.

CVE-2013-5789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2013-5788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE
  Embedded 7u40 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to Deployment.

CVE-2013-5787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect confidentiality, integrity, and availability via unknown vectors
  related to Deployment.

CVE-2013-5784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
  to affect integrity via vectors related to SCRIPTING.

CVE-2013-5783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and
  earlier allows remote attackers to affect confidentiality and integrity via
  unknown vectors related to Swing.

CVE-2013-5782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to 2D.

CVE-2013-5780 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780):
  Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60
  and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier,
  JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows
  remote attackers to affect confidentiality via unknown vectors related to
  Libraries.

CVE-2013-5778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778):
  Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java
  SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40
  and earlier allows remote attackers to affect confidentiality via unknown
  vectors related to 2D.

CVE-2013-5777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777):
  Unspecified vulnerability in the Java SE and JavaFX components in Oracle
  Java SE Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.

CVE-2013-5776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776):
  Unspecified vulnerability in the Java SE and Java SE Embedded components in
  Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java
  SE Embedded 7u40 and earlier allows remote attackers to affect integrity via
  unknown vectors related to Deployment.

CVE-2013-5775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775):
  Unspecified vulnerability in the Java SE and JavaFX components in Oracle
  Java SE Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote
  attackers to affect confidentiality, integrity, and availability via unknown
  vectors.

CVE-2013-5774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774):
  Unspecified vulnerability in the Java SE, Java SE Embedded component in
  Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE
  5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote
  attackers to affect integrity via unknown vectors related to Libraries.

CVE-2013-5772 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772):
  Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE
  7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to
  affect integrity via unknown vectors related to jhat.

CVE-2013-3829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829):
  Unspecified vulnerability in the Java SE, Java SE Embedded component in
  Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE
  5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote
  attackers to affect confidentiality and integrity via unknown vectors
  related to Libraries.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2014-01-27 01:28:24 UTC

This issue was resolved and addressed in
 GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).