Update Mon Jul 25 11:30:17 UTC 2022

2013/CVE-2013-2566.md

@@ -11,6 +11,7 @@ The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single
 
 #### Reference
 - http://www.isg.rhul.ac.uk/tls/
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2014/CVE-2014-0114.md

@@ -12,6 +12,7 @@ Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in A
 #### Reference
 - http://openwall.com/lists/oss-security/2014/07/08/1
 - http://seclists.org/fulldisclosure/2014/Dec/23
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2014/CVE-2014-7817.md

@@ -10,6 +10,7 @@ The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
 
 #### Github

2014/CVE-2014-9402.md

@@ -14,6 +14,7 @@ The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2
 - http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
 - http://seclists.org/fulldisclosure/2019/Jun/18
 - http://seclists.org/fulldisclosure/2019/Sep/7
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://seclists.org/bugtraq/2019/Jun/14
 - https://seclists.org/bugtraq/2019/Sep/7
 

2015/CVE-2015-0293.md

@@ -10,6 +10,7 @@ The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 b
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
 - http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

2015/CVE-2015-1472.md

@@ -14,6 +14,7 @@ The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc
 - http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
 - http://seclists.org/fulldisclosure/2019/Jun/18
 - http://seclists.org/fulldisclosure/2019/Sep/7
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
 - https://seclists.org/bugtraq/2019/Jun/14
 - https://seclists.org/bugtraq/2019/Sep/7

2015/CVE-2015-2808.md

@@ -11,6 +11,7 @@ The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not proper
 
 #### Reference
 - http://www-304.ibm.com/support/docview.wss?uid=swg21960015
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

2015/CVE-2015-3195.md

@@ -11,6 +11,7 @@ The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before
 
 #### Reference
 - http://fortiguard.com/advisory/openssl-advisory-december-2015
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

2015/CVE-2015-3253.md

@@ -11,6 +11,7 @@ The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 thr
 
 #### Reference
 - http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

2015/CVE-2015-4852.md

@@ -13,6 +13,7 @@ The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.
 - http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 - http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

2015/CVE-2015-7501.md

@@ -10,6 +10,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG)
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
 - https://www.oracle.com/security-alerts/cpujul2020.html

2015/CVE-2015-7547.md

@@ -18,6 +18,7 @@ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functio
 - http://seclists.org/fulldisclosure/2019/Sep/7
 - http://seclists.org/fulldisclosure/2021/Sep/0
 - http://seclists.org/fulldisclosure/2022/Jun/36
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
 - https://seclists.org/bugtraq/2019/Sep/7

2015/CVE-2015-7940.md

@@ -10,6 +10,7 @@ The Bouncy Castle Java library before 1.51 does not validate a point is withing
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

2016/CVE-2016-0635.md

@@ -11,6 +11,7 @@ Unspecified vulnerability in the Enterprise Manager Ops Center component in Orac
 
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

2016/CVE-2016-0703.md

@@ -10,6 +10,7 @@ The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in O
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
 

2016/CVE-2016-0704.md

@@ -10,6 +10,7 @@ An oracle protection mechanism in the get_client_master_key function in s2_srvr.
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
 

2016/CVE-2016-0800.md

@@ -10,6 +10,7 @@ The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

2016/CVE-2016-1181.md

@@ -10,6 +10,7 @@ ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreade
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2016/CVE-2016-1182.md

@@ -10,6 +10,7 @@ ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restr
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

2016/CVE-2016-2105.md

@@ -11,6 +11,7 @@ Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in Open
 
 #### Reference
 - http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2016/CVE-2016-2106.md

@@ -11,6 +11,7 @@ Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in Op
 
 #### Reference
 - http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2016/CVE-2016-2107.md

@@ -12,6 +12,7 @@ The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does
 #### Reference
 - http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
 - http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2016/CVE-2016-2109.md

@@ -11,6 +11,7 @@ The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implem
 
 #### Reference
 - http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2016/CVE-2016-2177.md

@@ -11,6 +11,7 @@ OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer bound
 
 #### Reference
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2178.md

@@ -12,6 +12,7 @@ The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h d
 #### Reference
 - http://eprint.iacr.org/2016/594.pdf
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2179.md

@@ -10,6 +10,7 @@ The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the l
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2180.md

@@ -10,6 +10,7 @@ The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infr
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2181.md

@@ -11,6 +11,7 @@ The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 misha
 
 #### Reference
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2182.md

@@ -11,6 +11,7 @@ The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not
 
 #### Reference
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2183.md

@@ -13,6 +13,7 @@ The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and
 - http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
 - http://seclists.org/fulldisclosure/2017/Jul/31
 - http://seclists.org/fulldisclosure/2017/May/105
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-2518.md

@@ -11,6 +11,7 @@ The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 a
 
 #### Reference
 - http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 - https://www.kb.cert.org/vuls/id/718152
 

2016/CVE-2016-2550.md

@@ -10,7 +10,7 @@ The Linux kernel before 4.5 allows local users to bypass file-descriptor limits
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 
 #### Github
 - https://github.com/thdusdl1219/CVE-Study

2016/CVE-2016-4449.md

@@ -10,6 +10,7 @@ XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities functi
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
 
 #### Github

2016/CVE-2016-5385.md

@@ -11,6 +11,7 @@ PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace
 
 #### Reference
 - http://www.kb.cert.org/vuls/id/797896
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - https://httpoxy.org/

2016/CVE-2016-5387.md

@@ -11,6 +11,7 @@ The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and theref
 
 #### Reference
 - http://www.kb.cert.org/vuls/id/797896
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - https://httpoxy.org/

2016/CVE-2016-6302.md

@@ -10,6 +10,7 @@ The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6303.md

@@ -10,6 +10,7 @@ Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSS
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6304.md

@@ -12,6 +12,7 @@ Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i,
 #### Reference
 - http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6305.md

@@ -10,6 +10,7 @@ The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6306.md

@@ -11,6 +11,7 @@ The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might al
 
 #### Reference
 - http://seclists.org/fulldisclosure/2017/Jul/31
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6307.md

@@ -10,6 +10,7 @@ The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6308.md

@@ -10,6 +10,7 @@ statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a a
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2016/CVE-2016-6309.md

@@ -10,6 +10,7 @@ statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after
 ### POC
 
 #### Reference
+- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html