CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/ •
CVE-2016-5546 – OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
https://notcve.org/view.php?id=CVE-2016-5546
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://rhn.redhat.com/errata/RHSA-2017-0175.html http://rhn.redhat.com/errata/RHSA-2017-0176.html http://rhn.redhat.com/errata/RHSA-2017-0177.html http://rhn.redhat.com/errata/RHSA-2017-0180.html http://rhn.redhat.com/errata/RHSA-2017-0263.html http://rhn.redhat.com/errata/RHSA-2017-0269.html http://rhn.redhat.com/errata/RHSA-2017-0336.html http://rhn.redhat.com/errata/RHSA-2017-0337.html http://rhn.redhat.com/errata/RHSA-2017-0338.html http://www • CWE-20: Improper Input Validation •
CVE-2016-5552 – OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
https://notcve.org/view.php?id=CVE-2016-5552
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://rhn.redhat.com/errata/RHSA-2017-0175.html http://rhn.redhat.com/errata/RHSA-2017-0176.html http://rhn.redhat.com/errata/RHSA-2017-0177.html http://rhn.redhat.com/errata/RHSA-2017-0180.html http://rhn.redhat.com/errata/RHSA-2017-0263.html http://rhn.redhat.com/errata/RHSA-2017-0269.html http://rhn.redhat.com/errata/RHSA-2017-0336.html http://rhn.redhat.com/errata/RHSA-2017-0337.html http://rhn.redhat.com/errata/RHSA-2017-0338.html http://www • CWE-20: Improper Input Validation •