CVE-2014-0408

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

References

http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

http://osvdb.org/101999

http://secunia.com/advisories/56485

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.securityfocus.com/bid/64758

http://www.securityfocus.com/bid/64910

http://www.securitytracker.com/id/1029608

http://www.ubuntu.com/usn/USN-2089-1

Details

Source: MITRE

Published: 2014-01-15

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
75414openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0180-1)NessusSuSE Local Security Checks
critical
75413openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)NessusSuSE Local Security Checks
critical
72139GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)NessusGentoo Local Security Checks
critical
72117Ubuntu 12.10 / 13.04 / 13.10 : openjdk-7 vulnerabilities (USN-2089-1)NessusUbuntu Local Security Checks
critical
71967Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)NessusMisc.
critical
71966Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)NessusWindows
critical