rpm package
suse/java-1_7_1-ibm&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (75)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-0192 | — | < 1.7.1_sr3.0-11.1 | 1.7.1_sr3.0-11.1 | Jul 2, 2015 | Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. | ||
| CVE-2015-4000 | Low | 3.7 | < 1.7.1_sr3.10-14.1 | 1.7.1_sr3.10-14.1 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D | |
| CVE-2015-0491 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | ||
| CVE-2015-0488 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. | ||
| CVE-2015-0480 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. | ||
| CVE-2015-0478 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. | ||
| CVE-2015-0477 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. | ||
| CVE-2015-0469 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| CVE-2015-0459 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. | ||
| CVE-2015-0458 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Apr 16, 2015 | Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| CVE-2015-2808 | — | < 1.7.1_sr3.0-11.1 | 1.7.1_sr3.0-11.1 | Apr 1, 2015 | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing | ||
| CVE-2015-0138 | — | < 1.7.1_sr3.0-11.1 | 1.7.1_sr3.0-11.1 | Mar 25, 2015 | GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does no | ||
| CVE-2014-8892 | — | < 1.7.1_sr2.10-8.1 | 1.7.1_sr2.10-8.1 | Mar 6, 2015 | Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitiv | ||
| CVE-2014-8891 | — | < 1.7.1_sr2.10-8.1 | 1.7.1_sr2.10-8.1 | Mar 6, 2015 | Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via | ||
| CVE-2015-0204 | — | < 1.7.1_sr3.20-18.1 | 1.7.1_sr3.20-18.1 | Jan 9, 2015 | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncomp |
- CVE-2015-0192Jul 2, 2015affected < 1.7.1_sr3.0-11.1fixed 1.7.1_sr3.0-11.1
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
- affected < 1.7.1_sr3.10-14.1fixed 1.7.1_sr3.10-14.1
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D
- CVE-2015-0491Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
- CVE-2015-0488Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
- CVE-2015-0480Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
- CVE-2015-0478Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
- CVE-2015-0477Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
- CVE-2015-0469Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
- CVE-2015-0459Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
- CVE-2015-0458Apr 16, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
- CVE-2015-2808Apr 1, 2015affected < 1.7.1_sr3.0-11.1fixed 1.7.1_sr3.0-11.1
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing
- CVE-2015-0138Mar 25, 2015affected < 1.7.1_sr3.0-11.1fixed 1.7.1_sr3.0-11.1
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does no
- CVE-2014-8892Mar 6, 2015affected < 1.7.1_sr2.10-8.1fixed 1.7.1_sr2.10-8.1
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitiv
- CVE-2014-8891Mar 6, 2015affected < 1.7.1_sr2.10-8.1fixed 1.7.1_sr2.10-8.1
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via
- CVE-2015-0204Jan 9, 2015affected < 1.7.1_sr3.20-18.1fixed 1.7.1_sr3.20-18.1
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncomp
Page 4 of 4