CVE-2015-0478 – OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
https://notcve.org/view.php?id=CVE-2015-0478
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y JRockit R28.3.5, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JCE. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2015-0480 – OpenJDK: jar directory traversal issues (Tools, 8064601)
https://notcve.org/view.php?id=CVE-2015-0480
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la integridad y la disponibilidad a través de vectores desconocidos relacionados con Tools. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-0488 – OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
https://notcve.org/view.php?id=CVE-2015-0488
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y JRockit R28.3.5, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-248: Uncaught Exception •
CVE-2015-0400
https://notcve.org/view.php?id=CVE-2015-0400
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Libraries. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securi •
CVE-2015-0403 – JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
https://notcve.org/view.php?id=CVE-2015-0403
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Deployment. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0079.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://rhn.redhat.com/errata/RHSA-2015-0086.html http://rhn.redhat.com/errata/RHSA-2015-0264.html http://www.oracle. •