- EPSS 32.41%
- Veröffentlicht 03.03.2016 20:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have uns...
CVE-2016-0798
- EPSS 24.41%
- Veröffentlicht 03.03.2016 20:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related...
CVE-2016-0797
- EPSS 27.02%
- Veröffentlicht 03.03.2016 20:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit stri...
CVE-2016-0702
- EPSS 1.91%
- Veröffentlicht 03.03.2016 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discov...
- EPSS 26.34%
- Veröffentlicht 03.03.2016 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp...
CVE-2016-0704
- EPSS 6.9%
- Veröffentlicht 02.03.2016 11:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during us...
CVE-2016-0703
- EPSS 5.4%
- Veröffentlicht 02.03.2016 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary ciphe...
CVE-2016-0800
- EPSS 82.11%
- Veröffentlicht 01.03.2016 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote...
CVE-2016-0701
- EPSS 83.65%
- Veröffentlicht 15.02.2016 02:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent...
CVE-2015-3197
- EPSS 10.73%
- Veröffentlicht 15.02.2016 02:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 tra...