Vulnerabilities > Openssl > Openssl > 1.0.2g
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-20 | CVE-2016-2178 | Information Exposure Through Discrepancy vulnerability in multiple products The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 5.5 |
2016-06-20 | CVE-2016-2177 | Integer Overflow or Wraparound vulnerability in multiple products OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | 9.8 |
2016-05-05 | CVE-2016-2176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. | 8.2 |
2016-05-05 | CVE-2016-2109 | Resource Management Errors vulnerability in multiple products The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | 7.5 |
2016-05-05 | CVE-2016-2107 | Information Exposure vulnerability in multiple products The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. | 5.9 |
2016-05-05 | CVE-2016-2106 | Numeric Errors vulnerability in multiple products Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | 7.5 |
2016-05-05 | CVE-2016-2105 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | 7.5 |