CVE-2015-2590 – Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2590
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. Vulnerabilidad no especificada en Oracle Java SE versiones 6u95, 7u80 y 8u45 y en Java SE Embedded versiones 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con librerías, una vulnerabilidad diferente a CVE-2015-4732. An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 •
CVE-2015-2596 – JDK: unspecified vulnerability fixed in 7u85 (Hotspot)
https://notcve.org/view.php?id=CVE-2015-2596
Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE versiones 7u80, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Hotspot. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75887 http://www.securitytracker.com/id/1032910 https://access.redhat.com/security/cve/CVE-2015-2596 https://bu •
CVE-2015-2601 – OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
https://notcve.org/view.php?id=CVE-2015-2601
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE en las versiones 6u95, 7u80 y 8u45, en JRockit R28.3.6 y en Java SE Embedded en las versiones 7u75y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la JCE. It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/R • CWE-385: Covert Timing Channel •
CVE-2015-2613 – JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)
https://notcve.org/view.php?id=CVE-2015-2613
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JCE. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://rhn.redhat.com/errata/R • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2015-2619 – JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)
https://notcve.org/view.php?id=CVE-2015-2619
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 7u80 y 8u45, JavaFX 2.2.80, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con 2D. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://rhn.redhat.com/errata/RHSA-2015-1485.html http://rhn.redhat.com/errata/RHSA-2015-14 •