CVSS: 5.0EPSS: 6%CPEs: 9EXPL: 0CVE-2015-0488 – OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
https://notcve.org/view.php?id=CVE-2015-0488
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40, y JRockit R28.3.5, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-248: Uncaught Exception •
CVSS: 9.3EPSS: 5%CPEs: 8EXPL: 0CVE-2015-0460 – OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
https://notcve.org/view.php?id=CVE-2015-0460
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0806.html http://rhn.redhat.com/errata/RHSA-2015-0807.html http://rhn.redhat.com/errata/RHSA-2015-0808.html http://rhn.redhat.com/errata/RHSA-2015-0809.html http://rh •
CVSS: 10.0EPSS: 8%CPEs: 8EXPL: 0CVE-2015-0469 – ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
https://notcve.org/view.php?id=CVE-2015-0469
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-122: Heap-based Buffer Overflow •
CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0CVE-2015-0413 – JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)
https://notcve.org/view.php?id=CVE-2015-0413
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Vulnerabilidad no especificada en Oracle Java SE 7u72 y 8u25 permite a usuarios locales afectar la integridad a a través de vectores desconocidos relacionados con Serviceability • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0079.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72176 http://www.securitytracker.com/id/1031580 http://www.ubuntu.com/usn& •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2015-0400
https://notcve.org/view.php?id=CVE-2015-0400
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Libraries. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securi •