CVE-2014-6502 – OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
https://notcve.org/view.php?id=CVE-2014-6502
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. Vulnerabilidad sin especificar en Oracle Java SE 5.0u71, 6u81, 7u67 y 8u20, y Java SE Embedded 7u60, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con las librerías. • http://linux.oracle.com/errata/ELSA-2014-1633.html http://linux.oracle.com/errata/ELSA-2014-1634.html http://linux.oracle.com/errata/ELSA-2014-1636 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-annou •
CVE-2014-6511 – ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
https://notcve.org/view.php?id=CVE-2014-6511
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Vulnerabilidad sin especificar en Oracle Java SE 5.0u71, 6u81, 7u67, y 8u20 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con el 2D. • http://linux.oracle.com/errata/ELSA-2014-1633.html http://linux.oracle.com/errata/ELSA-2014-1634.html http://linux.oracle.com/errata/ELSA-2014-1636 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-annou •
CVE-2014-4288 – JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
https://notcve.org/view.php?id=CVE-2014-4288
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. Vulnerabilidad sin especificar en Oracle Java SE 6u81, 7u67, y 8u20 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Deployment, una vulnerabilidad diferente a CVE-2014-6493, CVE-2014-6503, y CVE-2014-6532. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://marc.info/?l=bugtraq&m=141775382904016&w=2 http://rhn.redhat.com/errata/RHSA-2014-1657.html http://rhn.redhat.co •
CVE-2014-6456 – JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
https://notcve.org/view.php?id=CVE-2014-6456
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad sin especificar en Oracle Java SE 7u67 y 8u20 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://marc.info/?l=bugtraq&m=141775382904016&w=2 http://rhn.redhat.com/errata/RHSA-2014-1657.html http://rhn.redhat.com/errata/RHSA-2014-1876.html http://rhn.redhat.com/errata/RHSA-2014-1880.html http://rhn.redhat.com/errata/RHSA-2014-1882.html http:/ •
CVE-2014-6457 – OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
https://notcve.org/view.php?id=CVE-2014-6457
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Vulnerabilidad sin especificar en Oracle Java SE 5.0u71, 6u81, 7u67, y 8u20; Java SE Embedded 7u60; y JRockit R27.8.3, y R28.3.3 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con JSSE. It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. • http://linux.oracle.com/errata/ELSA-2014-1633.html http://linux.oracle.com/errata/ELSA-2014-1634.html http://linux.oracle.com/errata/ELSA-2014-1636 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-annou •