Max CVSS 10.0 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-4000 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
09-10-2019 - 23:14 21-05-2015 - 00:59
CVE-2015-3195 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob
14-06-2019 - 14:44 06-12-2015 - 20:59
CVE-2016-3110 5.0
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
10-05-2019 - 15:34 26-09-2016 - 14:59
CVE-2016-4459 7.8
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
22-04-2019 - 17:48 12-04-2017 - 20:59
CVE-2016-2105 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
21-02-2019 - 15:09 05-05-2016 - 01:59
CVE-2016-2109 7.8
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
19-07-2018 - 01:29 05-05-2016 - 01:59
CVE-2016-2106 5.0
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
19-07-2018 - 01:29 05-05-2016 - 01:59
CVE-2016-2108 10.0
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "ne
05-01-2018 - 02:30 05-05-2016 - 01:59
CVE-2015-3183 5.0
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large c
05-01-2018 - 02:30 20-07-2015 - 23:59
Back to Top Mark selected
Back to Top