CVSS: 10.0EPSS: 8%CPEs: 8EXPL: 0CVE-2015-0469 – ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
https://notcve.org/view.php?id=CVE-2015-0469
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0480 – OpenJDK: jar directory traversal issues (Tools, 8064601)
https://notcve.org/view.php?id=CVE-2015-0480
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. Vulnerabilidad no especificada en Oracle Java SE 5.0u81, 6u91, 7u76, y 8u40 permite a atacantes remotos afectar la integridad y la disponibilidad a través de vectores desconocidos relacionados con Tools. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0CVE-2015-0413 – JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)
https://notcve.org/view.php?id=CVE-2015-0413
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Vulnerabilidad no especificada en Oracle Java SE 7u72 y 8u25 permite a usuarios locales afectar la integridad a a través de vectores desconocidos relacionados con Serviceability • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0079.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72176 http://www.securitytracker.com/id/1031580 http://www.ubuntu.com/usn& •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-0437 – OpenJDK: code generation issue (Hotspot, 8064524)
https://notcve.org/view.php?id=CVE-2015-0437
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72146 http://www.securitytracker.com/id/1031580 https://exchange.xforce.ibmcloud.com/vulnerabilities/100144 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-0437 https://bugzilla.redhat.com/show_bug.cgi?id=1183670 •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0421 – JDK: unspecified vulnerability fixed in 8u31 (Install)
https://notcve.org/view.php?id=CVE-2015-0421
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Vulnerabilidad no especificada en Oracle Java SE 8u25 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con el proceso de instalación. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72150 http://www.securitytracker.com/id/1031580 https://exchange.xforce.ibmcloud.com/vulnerabilities/100146 https://security.gentoo.org/glsa/201507-14 https://access.redhat.com/security/cve/CVE-2015-0421 https://bugzilla.redhat.com/show_bug.cgi?id=1184276 •