NotCVE - vendor:"Oracle" product:"Jrockit"

Page 13 of 107 results (0.022 seconds)

CVSS: 5.0EPSS: 3%CPEs: 9EXPL: 0

CVE-2015-4893 – OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

https://notcve.org/view.php?id=CVE-2015-4893

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60; Java SE Embedded 8u51 y JRockit R28.3.7 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2015-4803 y CVE-2015-4911. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 6%CPEs: 9EXPL: 0

CVE-2015-4803 – OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)

https://notcve.org/view.php?id=CVE-2015-4803

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60; Java SE Embedded 8u51 y JRockit R28.3.7 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2015-4893 y CVE-2015-4911. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 7.6EPSS: 2%CPEs: 11EXPL: 0

CVE-2015-4748 – OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)

https://notcve.org/view.php?id=CVE-2015-4748

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y Embedded 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Security. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/R • CWE-299: Improper Check for Certificate Revocation •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-2601 – OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

https://notcve.org/view.php?id=CVE-2015-2601

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE en las versiones 6u95, 7u80 y 8u45, en JRockit R28.3.6 y en Java SE Embedded en las versiones 7u75y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la JCE. It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/R • CWE-385: Covert Timing Channel •

CVSS: 4.3EPSS: 3%CPEs: 11EXPL: 0

CVE-2015-4749 – OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)

https://notcve.org/view.php?id=CVE-2015-4749

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JNDI. It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/R • CWE-772: Missing Release of Resource after Effective Lifetime •

1...11 12 13 14 15