CVE-2015-4734 – OpenJDK: kerberos realm name leak (JGSS, 8048030)
https://notcve.org/view.php?id=CVE-2015-4734
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad a través de vectores relacionados con JGSS. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-4805 – OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
https://notcve.org/view.php?id=CVE-2015-4805
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Serialization. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-665: Improper Initialization •
CVE-2015-4803 – OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
https://notcve.org/view.php?id=CVE-2015-4803
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60; Java SE Embedded 8u51 y JRockit R28.3.7 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2015-4893 y CVE-2015-4911. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-407: Inefficient Algorithmic Complexity •
CVE-2015-4810 – JDK: unspecified vulnerability fixed in 7u91 and 8u65 (Deployment)
https://notcve.org/view.php?id=CVE-2015-4810
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 7u85 y 8u60 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-12 •
CVE-2015-4731 – OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
https://notcve.org/view.php?id=CVE-2015-4731
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; Java SE Embedded 7u75; y Java SE Embedded 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 •