CVSS: 6.8EPSS: 2%CPEs: 11EXPL: 0CVE-2015-2601 – OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
https://notcve.org/view.php?id=CVE-2015-2601
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE en las versiones 6u95, 7u80 y 8u45, en JRockit R28.3.6 y en Java SE Embedded en las versiones 7u75y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la JCE. It was discovered that the JCE component in OpenJDK failed ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 0CVE-2015-2621 – OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
https://notcve.org/view.php?id=CVE-2015-2621
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JMX. An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to b... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html •
CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 0CVE-2015-2625 – OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
https://notcve.org/view.php?id=CVE-2015-2625
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 10%CPEs: 10EXPL: 0CVE-2015-2628 – OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
https://notcve.org/view.php?id=CVE-2015-2628
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con CORBA. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Envi... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2015-2632 – ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
https://notcve.org/view.php?id=CVE-2015-2632
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con 2D. An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. The java-1.... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 9%CPEs: 8EXPL: 0CVE-2015-4731 – OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
https://notcve.org/view.php?id=CVE-2015-4731
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; Java SE Embedded 7u75; y Java SE Embedded 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. The java-1.7.0-openjdk packages provide the O... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html •
CVSS: 10.0EPSS: 14%CPEs: 10EXPL: 0CVE-2015-4732 – OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
https://notcve.org/view.php?id=CVE-2015-4732
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con librería... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •
CVSS: 10.0EPSS: 12%CPEs: 10EXPL: 0CVE-2015-4733 – OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
https://notcve.org/view.php?id=CVE-2015-4733
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con RMI. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environme... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html •
CVSS: 7.6EPSS: 13%CPEs: 11EXPL: 0CVE-2015-4748 – OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
https://notcve.org/view.php?id=CVE-2015-4748
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y Embedded 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Sec... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-299: Improper Check for Certificate Revocation •
CVSS: 6.8EPSS: 3%CPEs: 11EXPL: 0CVE-2015-4749 – OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
https://notcve.org/view.php?id=CVE-2015-4749
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JNDI. It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-772: Missing Release of Resource after Effective Lifetime •