CVSS: 7.5EPSS: 6%CPEs: 32EXPL: 0CVE-2016-2180 – OpenSSL: OOB read in TS_OBJ_print_bio()
https://notcve.org/view.php?id=CVE-2016-2180
01 Aug 2016 — The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. La función TS_OBJ_print_bio en crypto/ts/ts_lib.c en la implementación X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) en OpenSSL hasta la versión 1.0.2h permite a atacan... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2016-3458 – OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
https://notcve.org/view.php?id=CVE-2016-3458
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la integridad a través de vectores relacionados con CORBA. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficien... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 5.3EPSS: 6%CPEs: 12EXPL: 0CVE-2016-3500 – OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
https://notcve.org/view.php?id=CVE-2016-3500
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92; Java SE Embedded 8u91 y JRockit R28.3.10 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2016-3508. The java-1.6.0-openjdk ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 5%CPEs: 12EXPL: 0CVE-2016-3508 – OpenJDK: missing entity replacement limits (JAXP, 8149962)
https://notcve.org/view.php?id=CVE-2016-3508
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92; Java SE Embedded 8u91 y JRockit R28.3.10 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2016-3500. The java-1.6.0-openjdk ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 1%CPEs: 11EXPL: 0CVE-2016-3550 – OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
https://notcve.org/view.php?id=CVE-2016-3550
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. Vulnerabilidad en Oracle Java SE 6u115, 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Hotspot. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficient... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.6EPSS: 5%CPEs: 6EXPL: 0CVE-2016-3587 – Oracle Java MethodHandle Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3587
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Jav... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html •
CVSS: 9.6EPSS: 10%CPEs: 7EXPL: 0CVE-2016-3598 – Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3598
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3610. This vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 9.6EPSS: 3%CPEs: 9EXPL: 0CVE-2016-3606 – Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3606
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y disponibilidad a través de vectores relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installation... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 9.6EPSS: 7%CPEs: 7EXPL: 0CVE-2016-3610 – Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3610
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3598. This vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 8.1EPSS: 79%CPEs: 21EXPL: 0CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5385
19 Jul 2016 — PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issu... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •