CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2017-3533 – OpenJDK: newline injection in the FTP client (Networking, 8170222)
https://notcve.org/view.php?id=CVE-2017-3533
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded,... • http://www.debian.org/security/2017/dsa-3858 • CWE-20: Improper Input Validation •
CVSS: 3.1EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3539 – OpenJDK: MD5 allowed for jar verification (Security, 8171121)
https://notcve.org/view.php?id=CVE-2017-3539
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, i... • http://www.debian.org/security/2017/dsa-3858 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2017-3544 – OpenJDK: newline injection in the SMTP client (Networking, 8171533)
https://notcve.org/view.php?id=CVE-2017-3544
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded... • http://www.debian.org/security/2017/dsa-3858 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 1%CPEs: 4EXPL: 0CVE-2017-3260 – Gentoo Linux Security Advisory 201707-01
https://notcve.org/view.php?id=CVE-2017-3260
25 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in... • http://www.debian.org/security/2017/dsa-3782 •
CVSS: 8.8EPSS: 12%CPEs: 36EXPL: 0CVE-2016-9840 – zlib: Out-of-bounds pointer arithmetic in inftrees.c
https://notcve.org/view.php?id=CVE-2016-9840
23 Jan 2017 — inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It ... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 19%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
23 Jan 2017 — inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was d... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 8.8EPSS: 10%CPEs: 36EXPL: 0CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
23 Jan 2017 — The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to ca... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 9%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5546 – OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
https://notcve.org/view.php?id=CVE-2016-5546
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical dat... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5547 – OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
https://notcve.org/view.php?id=CVE-2016-5547
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Ja... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-770: Allocation of Resources Without Limits or Throttling •