CVSS: 4.3EPSS: 1%CPEs: 11EXPL: 0CVE-2016-3550 – OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
https://notcve.org/view.php?id=CVE-2016-3550
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. Vulnerabilidad en Oracle Java SE 6u115, 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Hotspot. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficient... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.6EPSS: 8%CPEs: 6EXPL: 0CVE-2016-3587 – Oracle Java MethodHandle Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3587
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Jav... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html •
CVSS: 9.6EPSS: 10%CPEs: 7EXPL: 0CVE-2016-3598 – Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3598
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3610. This vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 9.6EPSS: 5%CPEs: 9EXPL: 0CVE-2016-3606 – Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3606
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y disponibilidad a través de vectores relacionados con Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installation... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 9.6EPSS: 6%CPEs: 7EXPL: 0CVE-2016-3610 – Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3610
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3598. This vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0CVE-2016-3458 – OpenJDK: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
https://notcve.org/view.php?id=CVE-2016-3458
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la integridad a través de vectores relacionados con CORBA. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficien... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html •
CVSS: 5.3EPSS: 5%CPEs: 12EXPL: 0CVE-2016-3500 – OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
https://notcve.org/view.php?id=CVE-2016-3500
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92; Java SE Embedded 8u91 y JRockit R28.3.10 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2016-3508. The java-1.6.0-openjdk ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 3%CPEs: 12EXPL: 0CVE-2016-3508 – OpenJDK: missing entity replacement limits (JAXP, 8149962)
https://notcve.org/view.php?id=CVE-2016-3508
21 Jul 2016 — Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. Vulnerabilidad no especificada en Oracle Java SE 6u115, 7u101 y 8u92; Java SE Embedded 8u91 y JRockit R28.3.10 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con JAXP, una vulnerabilidad diferente a CVE-2016-3500. The java-1.6.0-openjdk ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 79%CPEs: 21EXPL: 0CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5385
19 Jul 2016 — PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issu... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 80%CPEs: 18EXPL: 0CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
19 Jul 2016 — Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •