CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-4842 – OpenJDK: leak of user.dir location (JAXP, 8078427)
https://notcve.org/view.php?id=CVE-2015-4842
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad a través de vectores relacionados con JAXP. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws w... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 19%CPEs: 8EXPL: 1CVE-2015-4843 – OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
https://notcve.org/view.php?id=CVE-2015-4843
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Libraries. The java-1.7.0-openjdk packages provide the OpenJDK 7 J... • https://github.com/Soteria-Research/cve-2015-4843-type-confusion-phrack • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 28%CPEs: 8EXPL: 0CVE-2015-4844 – ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
https://notcve.org/view.php?id=CVE-2015-4844
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime En... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 10.0EPSS: 10%CPEs: 8EXPL: 0CVE-2015-4860 – OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
https://notcve.org/view.php?id=CVE-2015-4860
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con RMI, una vulnerabilidad diferente a CVE-2015-48... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2015-4872 – OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
https://notcve.org/view.php?id=CVE-2015-4872
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60; Java SE Embedded 8u51 y JRockit R28.3.7 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Security. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK ... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 10.0EPSS: 8%CPEs: 8EXPL: 0CVE-2015-4881 – OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)
https://notcve.org/view.php?id=CVE-2015-4881
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con CORBA, una vulnerabilidad diferente a CVE-201... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 9.1EPSS: 5%CPEs: 8EXPL: 0CVE-2015-4882 – OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)
https://notcve.org/view.php?id=CVE-2015-4882
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con CORBA. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 10.0EPSS: 10%CPEs: 8EXPL: 0CVE-2015-4883 – OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)
https://notcve.org/view.php?id=CVE-2015-4883
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con RMI, una vulnerabilidad diferente a CVE-2015-48... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html •
CVSS: 9.1EPSS: 5%CPEs: 9EXPL: 0CVE-2015-4893 – OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
https://notcve.org/view.php?id=CVE-2015-4893
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60; Java SE Embedded 8u51 y JRockit R28.3.7 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2015-4803 y CVE-20... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 6%CPEs: 64EXPL: 0CVE-2015-4902 – Oracle Java SE Integrity Check Vulnerability
https://notcve.org/view.php?id=CVE-2015-4902
21 Oct 2015 — Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Deployment. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html • CWE-284: Improper Access Control •