CVE-2015-2637 – JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
https://notcve.org/view.php?id=CVE-2015-2637
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; JavaFX 2.2.80; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con 2D. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://rhn.redhat.com/errata/RHSA-2015-1243.html http://rhn.redhat.com/errata/RHSA-2015-14 •
CVE-2015-4732 – OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
https://notcve.org/view.php?id=CVE-2015-4732
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con librerías, una vulnerabilidad diferente a CVE-2015-2590. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •
CVE-2015-4760 – ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
https://notcve.org/view.php?id=CVE-2015-4760
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 • CWE-787: Out-of-bounds Write •
CVE-2015-2590 – Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2590
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. Vulnerabilidad no especificada en Oracle Java SE versiones 6u95, 7u80 y 8u45 y en Java SE Embedded versiones 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con librerías, una vulnerabilidad diferente a CVE-2015-4732. An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 •
CVE-2015-2625 – OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
https://notcve.org/view.php?id=CVE-2015-2625
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.h • CWE-295: Improper Certificate Validation •