CVE-2014-6457 – OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
https://notcve.org/view.php?id=CVE-2014-6457
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Vulnerabilidad sin especificar en Oracle Java SE 5.0u71, 6u81, 7u67, y 8u20; Java SE Embedded 7u60; y JRockit R27.8.3, y R28.3.3 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con JSSE. It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. • http://linux.oracle.com/errata/ELSA-2014-1633.html http://linux.oracle.com/errata/ELSA-2014-1634.html http://linux.oracle.com/errata/ELSA-2014-1636 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-annou •
CVE-2014-6466 – Oracle Java jp2launcher.exe Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-6466
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad sin especificar en Oracle Java S3 u81, 7u67, and 8u20, cuando se utiliza en Internet Explorer, permite a usuarios locales afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of paths within jp2launcher.exe. The issue lies in assumptions made in preparation for the call to java.exe. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://marc.info/?l=bugtraq&m=141775382904016&w=2 http://secunia.com/advisories/61609 http://security.gentoo.org/glsa/glsa •
CVE-2014-6458 – JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
https://notcve.org/view.php?id=CVE-2014-6458
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad sin especificar en Oracle Java SE 6u81, 7u67, y 8u20 permite a usuarios locales afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Deployment. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://marc.info/?l=bugtraq&m=141775382904016&w=2 http://rhn.redhat.com/errata/RHSA-2014-1657.html http://rhn.redhat.co •
CVE-2014-4265 – JDK: unspecified vulnerability fixed in 6u81, 7u65 and 8u11 (Deployment)
https://notcve.org/view.php?id=CVE-2014-4265
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u75, 7u60, y 8u5 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con la implementación. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2015-0264.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59404 http://secunia.com/advisories/59680 http://secunia.com/advisories/59924 http://secunia.com/ad •
CVE-2014-4268
https://notcve.org/view.php?id=CVE-2014-4268
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Vulnerabilidad no especificada en Oracle Java SE 5.0u65, 6u75, 7u60, y 8u5 permite a atacantes remotos afectar a la confidencialidad a través de vectores desconocidos relacionados con Swing. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59404 http://secunia.com/advisories/59680 http://secunia.com/advisories/60081 http: •