OpenSSL

OpenSSL

262 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-2183

Media report
  • EPSS 40.02%
  • Published 01.09.2016 00:59:00
  • Last modified 12.04.2025 10:46:40

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth...

7.5

CVE-2016-2180

  • EPSS 4.2%
  • Published 01.08.2016 02:59:11
  • Last modified 12.04.2025 10:46:40

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra...

5.5

CVE-2016-2178

  • EPSS 0.33%
  • Published 20.06.2016 01:59:03
  • Last modified 12.04.2025 10:46:40

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

9.8

CVE-2016-2177

  • EPSS 29.84%
  • Published 20.06.2016 01:59:02
  • Last modified 12.04.2025 10:46:40

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi...

8.2

CVE-2016-2176

  • EPSS 9.79%
  • Published 05.05.2016 01:59:06
  • Last modified 12.04.2025 10:46:40

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EB...

7.8

CVE-2016-2109

  • EPSS 57.94%
  • Published 05.05.2016 01:59:05
  • Last modified 12.04.2025 10:46:40

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

10

CVE-2016-2108

  • EPSS 56.36%
  • Published 05.05.2016 01:59:04
  • Last modified 12.04.2025 10:46:40

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne...

5.9

CVE-2016-2107

  • EPSS 79.14%
  • Published 05.05.2016 01:59:03
  • Last modified 12.04.2025 10:46:40

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against...

7.5

CVE-2016-2106

  • EPSS 63.02%
  • Published 05.05.2016 01:59:02
  • Last modified 12.04.2025 10:46:40

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

7.5

CVE-2016-2105

  • EPSS 50.8%
  • Published 05.05.2016 01:59:01
  • Last modified 12.04.2025 10:46:40

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.