CVSS: 8.8EPSS: 12%CPEs: 36EXPL: 0CVE-2016-9840 – zlib: Out-of-bounds pointer arithmetic in inftrees.c
https://notcve.org/view.php?id=CVE-2016-9840
23 Jan 2017 — inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It ... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.6EPSS: 1%CPEs: 8EXPL: 0CVE-2017-3272 – Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3272
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5552 – OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
https://notcve.org/view.php?id=CVE-2016-5552
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5548 – OpenJDK: DSA implementation timing attack (Libraries, 8168728)
https://notcve.org/view.php?id=CVE-2016-5548
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to ... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-3253 – OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
https://notcve.org/view.php?id=CVE-2017-3253
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-3252 – OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
https://notcve.org/view.php?id=CVE-2017-3252
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Jav... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-3231 – OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
https://notcve.org/view.php?id=CVE-2017-3231
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5546 – OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
https://notcve.org/view.php?id=CVE-2016-5546
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical dat... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-3259 – JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
https://notcve.org/view.php?id=CVE-2017-3259
20 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java We... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •
CVSS: 9.0EPSS: 80%CPEs: 9EXPL: 5CVE-2017-3241 – Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
https://notcve.org/view.php?id=CVE-2017-3241
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successfu... • https://packetstorm.news/files/id/141104 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •