Page 4 of 137 results (0.010 seconds)

CVSS: 5.3EPSS: 1%CPEs: 12EXPL: 0

CVE-2016-3508 – OpenJDK: missing entity replacement limits (JAXP, 8149962)

https://notcve.org/view.php?id=CVE-2016-3508

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92; Java SE Embedded 8u91 y JRockit R28.3.10 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2016-3500. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00028. • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-3550 – OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

https://notcve.org/view.php?id=CVE-2016-3550

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. Vulnerabilidad en Oracle Java SE 6u115, 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Hotspot. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00028. • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.6EPSS: 1%CPEs: 7EXPL: 0

CVE-2016-3598 – Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-3598

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3610. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of MethodHandles' dropArguments method. Due to unsafe handling of reflection of privileged classes inside the MethodHandles class, it is possible for untrusted code to gain access to privileged methods and properties. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-09 •

CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 0

CVE-2016-3606 – Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-3606

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y disponibilidad a través de vectores relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the runtime evaluates uninitialized objects that are not compiler generated. Due to unsafe handling of privileged classes within the uninitialized objects, it is possible for untrusted code to gain access to privileged methods and properties. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00028. •

CVSS: 9.6EPSS: 1%CPEs: 7EXPL: 0

CVE-2016-3610 – Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-3610

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3598. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of MethodHandles.filterReturnValue. Due to unsafe handling of reflection of privileged classes inside the MethodHandles class, it is possible for untrusted code to gain access to privileged methods and properties. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00028. •