CVSS: 6.8EPSS: 2%CPEs: 11EXPL: 0CVE-2015-2601 – OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
https://notcve.org/view.php?id=CVE-2015-2601
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Vulnerabilidad no especificada en Oracle Java SE en las versiones 6u95, 7u80 y 8u45, en JRockit R28.3.6 y en Java SE Embedded en las versiones 7u75y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la JCE. It was discovered that the JCE component in OpenJDK failed ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-385: Covert Timing Channel •
CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 0CVE-2015-2625 – OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
https://notcve.org/view.php?id=CVE-2015-2625
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80, y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con JSSE. A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-295: Improper Certificate Validation •
CVSS: 7.6EPSS: 13%CPEs: 11EXPL: 0CVE-2015-4748 – OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
https://notcve.org/view.php?id=CVE-2015-4748
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y Embedded 8u33, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Sec... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-299: Improper Check for Certificate Revocation •
CVSS: 6.8EPSS: 3%CPEs: 11EXPL: 0CVE-2015-4749 – OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
https://notcve.org/view.php?id=CVE-2015-4749
16 Jul 2015 — Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. Vulnerabilidad no especificada en Oracle Java SE 6u95, 7u80 y 8u45; JRockit R28.3.6; y Java SE Embedded 7u75 y 8u33, permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JNDI. It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.3EPSS: 94%CPEs: 42EXPL: 1CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no t... • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.1EPSS: 2%CPEs: 199EXPL: 0CVE-2013-5804 – OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653)
https://notcve.org/view.php?id=CVE-2013-5804
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. Vulnerabilidad no especificada en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, y JRockit R27.7.6 y anteriores que permite a atacantes remotos afectar la con... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 10.0EPSS: 5%CPEs: 138EXPL: 0CVE-2013-5823 – OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)
https://notcve.org/view.php?id=CVE-2013-5823
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE y anteriores, Java SE 6u60 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, y Java SE Embedded 7u40 y anteriores permite a atacantes remotos afectar la disponibilidad... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 5.5EPSS: 3%CPEs: 216EXPL: 0CVE-2013-5803 – OpenJDK: insufficient checks of KDC replies (JGSS, 8014341)
https://notcve.org/view.php?id=CVE-2013-5803
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. Vulnerabilidad sin especificar en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, and Java SE Embedded 7u40 y anteriores p... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 7.5EPSS: 3%CPEs: 216EXPL: 0CVE-2013-5825 – OpenJDK: XML parsing Denial of Service (JAXP, 8014530)
https://notcve.org/view.php?id=CVE-2013-5825
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. Vulnerabilidad no especificada en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, y Java SE Embedded 7u40 y anteriores per... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html •
CVSS: 9.8EPSS: 7%CPEs: 216EXPL: 0CVE-2013-5802 – OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
https://notcve.org/view.php?id=CVE-2013-5802
16 Oct 2013 — Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. Vulnerabilidad sin especificar en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, y Java S... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1019130 •