Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-6303 | 7.5 |
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect
|
12-02-2023 - 23:24 | 16-09-2016 - 05:59 | |
CVE-2016-2183 | 5.0 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
|
12-02-2023 - 23:17 | 01-09-2016 - 00:59 | |
CVE-2016-6308 | 7.1 |
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6302 | 5.0 |
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-6307 | 4.3 |
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6306 | 4.3 |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6304 | 7.8 |
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6305 | 5.0 |
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-2179 | 5.0 |
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2181 | 5.0 |
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2182 | 7.5 |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2178 | 2.1 |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
|
13-12-2022 - 12:15 | 20-06-2016 - 01:59 | |
CVE-2016-2177 | 7.5 |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
|
13-12-2022 - 12:15 | 20-06-2016 - 01:59 | |
CVE-2016-2180 | 5.0 |
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra
|
13-12-2022 - 12:15 | 01-08-2016 - 02:59 | |
CVE-2016-7052 | 5.0 |
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
|
16-08-2022 - 13:17 | 26-09-2016 - 19:59 | |
CVE-2016-6309 | 10.0 |
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
|
12-07-2018 - 01:29 | 26-09-2016 - 19:59 | |
CVE-2016-9260 | 3.5 |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
|
03-02-2017 - 16:12 | 31-01-2017 - 22:59 |