4.3.2

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-14	CVE-2016-1669	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. network low complexity debian google opensuse nodejs canonical CWE-119	8.8
2016-05-05	CVE-2016-2107	Information Exposure vulnerability in multiple products The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. network high complexity redhat opensuse openssl google hp nodejs debian canonical CWE-200	5.9
2016-05-05	CVE-2016-2105	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. network low complexity redhat opensuse oracle apple openssl debian canonical nodejs CWE-190	7.5