CVE-2015-1241 – chromium-browser: tap-jacking vulnerability
https://notcve.org/view.php?id=CVE-2015-1241
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. Google Chrome anterior a 42.0.2311.90 no considera correctamente la interacción de la navegación de páginas con el manejo de los eventos 'táctiles' (touch) y los eventos de 'gestos' (gesture), lo que permite a atacantes remotos provocar acciones no intencionadas de la interfaz del usuario a través de un sitio web manipulado que realiza un ataque de 'tapjacking'. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=418402 https://codereview.chromium.org/628763003 http • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2015-0492 – JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
https://notcve.org/view.php?id=CVE-2015-0492
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y JavaFX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0484. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://rhn.redhat.com/errata/RHSA-2015-0857.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74129 http://www.securitytracker.com/id/1032120 https://securit •
CVE-2015-0486 – JDK: unspecified vulnerability fixed in 8u45 (Deployment)
https://notcve.org/view.php?id=CVE-2015-0486
Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 8u40 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://www-01.ibm.com/support/docview.wss?uid=swg21883640 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74145 http://www.securitytracker.com/id/1032120 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-0486 https://bugzilla.redhat.com/show_bug.cgi?id=1211774 •
CVE-2015-0484 – JDK: unspecified vulnerability fixed in 7u79 and 8u45 (JavaFX)
https://notcve.org/view.php?id=CVE-2015-0484
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. Vulnerabilidad no especificada en Oracle Java SE 7u76 y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-0492. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://rhn.redhat.com/errata/RHSA-2015-0857.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74135 http://www.securitytracker.com/id/1032120 https://securit •
CVE-2015-0491 – JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
https://notcve.org/view.php?id=CVE-2015-0491
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y Java FX 2.2.76, permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad diferente a CVE-2015-0459. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06 •