Page 62 of 939 results (0.037 seconds)

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-4734 – OpenJDK: kerberos realm name leak (JGSS, 8048030)

https://notcve.org/view.php?id=CVE-2015-4734

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 y Java SE Embedded 8u51, permite a atacantes remotos afectar a la confidencialidad a través de vectores relacionados con JGSS. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-2613 – JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)

https://notcve.org/view.php?id=CVE-2015-2613

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE 7u80 y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JCE. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://rhn.redhat.com/errata/RHSA-2015-1242.html http://rhn.redhat.com/errata/R • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

CVE-2015-2659 – OpenJDK: GCM cipher issue causing JVM crash (Security, 8067648)

https://notcve.org/view.php?id=CVE-2015-2659

Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 8u45 y Java SE Embedded 8u33, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Security. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1241.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75877 http://www.securitytracker.com/id/1032910 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-2 • CWE-476: NULL Pointer Dereference •

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0

CVE-2015-2628 – OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)

https://notcve.org/view.php?id=CVE-2015-2628

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45, y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con CORBA. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://rhn.redhat.com/errata/RHSA-2015-1228.html http://rhn.redhat.com/errata/RHSA-2015-1229.html http://rhn.redhat.com/errata/RHSA-2015-1230.html http://rhn.redhat.com/errata/RHSA-2015-12 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 2.6EPSS: 0%CPEs: 11EXPL: 0

CVE-2015-2625 – OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)

https://notcve.org/view.php?id=CVE-2015-2625

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.h • CWE-295: Improper Certificate Validation •