CVE-2015-1914 – JDK: unspecified partial Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-1914
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. IBM Java 7 R1 anterior a SR3, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos evadir 'comprobaciones de permisos' y obtener información sensible a través de vectores relacionados con Java Virtual Machine. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1006.html http://rhn.redhat.com/errata/RHSA-2015-1007.html http://rhn.redhat.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0192 – JDK: unspecified Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-0192
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Vulnerabilidad no especificada en IBM Java 8 anterior a SR1, 7 R1 anterior a SR2 FP11, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos ganar privilegios a través de vectores desconocidos relacionados con Java Virtual Machine. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1006.html http://rhn.redhat.com/errata/RHSA-2015-1007.html http://rhn.redhat.com •
CVE-2014-3068 – JDK: Java CMS keystore provider potentially allows brute-force private key recovery
https://notcve.org/view.php?id=CVE-2014-3068
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. IBM Java Runtime Environment (JRE) 7 R1 anterior a SR1 FP1 (7.1.1.1), 7 anterior a SR7 FP1 (7.0.7.1), 6 R1 anterior a SR8 FP1 (6.1.8.1), 6 anterior a SR16 FP1 (6.0.16.1), y anterior a 5.0 SR16 FP7 (5.0.16.7) permite a atacantes obtener la clave privada de un almacén de claves del sistema de gestión de certificados 'Certificate Management System (CMS)' a través de un ataque de fuerza bruta. • http://rhn.redhat.com/errata/RHSA-2015-0264.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894 http://www-01.ibm.com/support/docview.wss?uid=swg21691089 https://bugzilla.redhat.com/show_bug.cgi?id=1164201 https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 https://access.redhat.com/security/cve/CVE-2014-3068 • CWE-255: Credentials Management Errors •
CVE-2014-3065 – JDK: privilege escalation via shared class cache
https://notcve.org/view.php?id=CVE-2014-3065
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a SR16 FP8 (5.0.16.8) permite a usuarios locales ejecutar código arbitrario a través de vectores relacionados con el caché de clases compartidas. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2014-1876.html http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-0485
https://notcve.org/view.php?id=CVE-2013-0485
Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. Vulnerabilidad no especificada en IBM Java SDK 7 en versiones anteriores a SR4-FP1, 6 en versiones anteriores a SR13-FP1, 5.0 en versiones anteriores a SR16-FP1 y 1.4.2 en versiones anteriores a SR13-FP16 tiene impacto desconocido y vectores de ataque relacionados con Class Libraries. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16 http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1 http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1 http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1 https://bugzilla.redhat.com/show_bug.cgi?id=950072 •