CVSS: 10.0EPSS: 1%CPEs: 18EXPL: 0CVE-2014-6601 – OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
https://notcve.org/view.php?id=CVE-2014-6601
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& •
CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6585 – ICU: font parsing OOB read (OpenJDK 2D, 8055489)
https://notcve.org/view.php?id=CVE-2014-6585
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores no conocidos relacionados con 2D, una vulnerabilidad diferente de CVE-2014-6591. A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& • CWE-125: Out-of-bounds Read •
CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6591 – ICU: font parsing OOB read (OpenJDK 2D, 8056276)
https://notcve.org/view.php?id=CVE-2014-6591
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. Vulnerabilidad no especificada en el componente Java SE en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad diferente a CVE-2014-6585. A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2014-6549 – OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
https://notcve.org/view.php?id=CVE-2014-6549
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 8u25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores no conocidos relacionados con Libraries. An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72137 http://www.securitytracker.com/id/1031580 https://security.gentoo.org/glsa/201507-14 https://www-304.ibm.com/support/docview.wss?uid=swg21695474 https://access.redhat.com/security/cve/CVE-2014-6549 https://bugzilla.redhat.com/show_bug.cgi?id=118366 •
CVSS: 4.0EPSS: 69%CPEs: 14EXPL: 1CVE-2014-6593 – JSSE - SKIP-TLS
https://notcve.org/view.php?id=CVE-2014-6593
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit 27.8.4 y 28.3.4 permite a atacantes remotos afectar la confidencialidad e integridad a través de vectores relacionados con JSSE. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. • https://www.exploit-db.com/exploits/38641 http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://packetstormsecurity.com/files/134251/Java •