CVE-2015-2632 – ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
https://notcve.org/view.php?id=CVE-2015-2632
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con 2D. An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 • CWE-125: Out-of-bounds Read •
CVE-2015-2601 – OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
https://notcve.org/view.php?id=CVE-2015-2601
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE en las versiones 6u95, 7u80 y 8u45, en JRockit R28.3.6 y en Java SE Embedded en las versiones 7u75y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la JCE. It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/R • CWE-385: Covert Timing Channel •
CVE-2015-4733 – OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
https://notcve.org/view.php?id=CVE-2015-4733
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con RMI. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 •
CVE-2015-2659 – OpenJDK: GCM cipher issue causing JVM crash (Security, 8067648)
https://notcve.org/view.php?id=CVE-2015-2659
Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 8u45 y Java SE Embedded 8u33, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Security. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75877 http://www.securitytracker.com/id/1032910 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-2 • CWE-476: NULL Pointer Dereference •
CVE-2015-2664 – JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
https://notcve.org/view.php?id=CVE-2015-2664
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45, permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://rhn.redhat.com/errata/RHSA-2015-1243.html http://rhn.redhat.com/errata/RHSA-2015-14 •