CVE-2016-2178
- EPSS 1.17%
- Veröffentlicht 20.06.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
CVE-2016-2177
- EPSS 44.51%
- Veröffentlicht 20.06.2016 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi...
CVE-2016-2176
- EPSS 22.84%
- Veröffentlicht 05.05.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EB...
CVE-2016-2109
- EPSS 29.21%
- Veröffentlicht 05.05.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
- EPSS 77.91%
- Veröffentlicht 05.05.2016 01:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne...
CVE-2016-2107
- EPSS 89.06%
- Veröffentlicht 05.05.2016 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against...
CVE-2016-2106
- EPSS 27.26%
- Veröffentlicht 05.05.2016 01:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
CVE-2016-2105
- EPSS 39.65%
- Veröffentlicht 05.05.2016 01:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2000-1254
- EPSS 3.14%
- Veröffentlicht 05.05.2016 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generati...
- EPSS 53.66%
- Veröffentlicht 03.03.2016 20:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memo...