Lucene search

K
archlinuxArch LinuxASA-201501-15
HistoryJan 23, 2015 - 12:00 a.m.

jre8-openjdk: multiple issues

2015-01-2300:00:00
Arch Linux
lists.archlinux.org
23

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

  • CVE-2014-3566 (man-in-the-middle)
    Nondeterministic CBC padding, which makes it easier for
    man-in-the-middle attackers to obtain cleartext data via a
    padding-oracle attack, aka the "POODLE" issue.

  • CVE-2014-6549 (arbitrary code execution)
    Incorrect class loader permission check in ClassLoader getParent()
    allows remote attackers to affect confidentiality, integrity, and
    availability.

  • CVE-2014-6585 (out-of-bounds read)
    Allows remote attackers to affect confidentiality via font parsing
    out-of-bounds read related to 2D.

  • CVE-2014-6587 (privilege escalation)
    MulticastSocket NULL pointer dereference allows local users to affect
    confidentiality, integrity, and availability.

  • CVE-2014-6591 (out-of-bounds read)
    Allows remote attackers to affect confidentiality via font parsing
    out-of-bounds read related to 2D.

  • CVE-2014-6593 (man-in-the-middle)
    Incorrect tracking of ChangeCipherSpec during SSL/TLS handshake allows
    remote attackers to affect confidentiality and integrity.

  • CVE-2014-6601 (arbitrary code execution)
    Class verifier insufficient invokespecial calls verification related to
    Hotspot allows remote attackers to affect confidentiality, integrity,
    and availability.

  • CVE-2015-0383 (denial of service)
    Insecure hsperfdata temporary file handling related to Hotspot allows
    local users to affect integrity and availability.

  • CVE-2015-0395 (arbitrary code execution)
    Phantom references handling issue in garbage collector related to
    Hotspot allows remote attackers to affect confidentiality, integrity,
    and availability.

  • CVE-2015-0400 (information disclosure)
    Successful unauthenticated network attacks via multiple protocols can
    result in unauthorized read access to a subset of Java SE accessible data.

  • CVE-2015-0403 (arbitrary code execution)
    Successful attack of this vulnerability can result in unauthorized
    Operating System takeover including arbitrary code execution.

  • CVE-2015-0406 (information disclosure)
    Successful unauthenticated network attacks via multiple protocols can
    result in unauthorized read access to a subset of accessible data and
    ability to cause a partial denial of service.

  • CVE-2015-0407 (information disclosure)
    Directory information leak via file chooser related to Swing allows
    remote attackers to affect confidentiality.

  • CVE-2015-0408 (arbitrary code execution)
    Incorrect context class loader use in RMI transport allows remote
    attackers to affect confidentiality, integrity, and availability.

  • CVE-2015-0410 (denial of service)
    DER decoder infinite loop allows remote attackers to affect availability.

  • CVE-2015-0412 (arbitrary code execution)
    Insufficient code privileges checks related to JAX-WS allows remote
    attackers to affect confidentiality, integrity, and availability.

  • CVE-2015-0413 (unauthorized modification)
    Successful attack of this vulnerability can result in unauthorized
    update, insert or delete access to some Java SE accessible data.

  • CVE-2015-0421 (arbitrary code execution)
    Successful attack of this vulnerability can result in unauthorized
    Operating System takeover including arbitrary code execution.

  • CVE-2015-0437 (arbitrary code execution)
    Code generation issue related to Hotspot allows remote attackers to
    affect confidentiality, integrity, and availability.

OSVersionArchitecturePackageVersionFilename
anyanyanyjre8-openjdk< 8.u31-1UNKNOWN

References

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%