CVSS: 7.5EPSS: 88%CPEs: 3EXPL: 1CVE-2016-7054 – ChaCha20/Poly1305 heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-7054
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. En OpenSSL 1.1.0 anterior a 1.1.0c, las conexiones TLS que utilizan *-CHACHA20-POLY1305 ciphersuites pueden ser víctimas de una denegación de servicio si se corrompe el payload. Esto puede derivar la caída de OpenSSL. • https://www.exploit-db.com/exploits/40899 http://www.securityfocus.com/bid/94238 http://www.securitytracker.com/id/1037261 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us https://www.openssl.org/news/secadv/20161110.txt • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 0CVE-2016-6309
https://notcve.org/view.php?id=CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. statem/statem.c en OpenSSL 1.1.0a no considera el movimiento de bloque de memoria después de una llamada realloc, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente ejecutar código arbitrario a través de una sesión TLS manipulada. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93177 http://www.securitytracker.com/id/1036885 https • CWE-416: Use After Free •
CVSS: 7.5EPSS: 42%CPEs: 5EXPL: 0CVE-2016-7052
https://notcve.org/view.php?id=CVE-2016-7052
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. crypto/x509/x509_vfy.c en OpenSSL 1.0.2i permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) desencadenando una operación CRL. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 19%CPEs: 51EXPL: 0CVE-2016-6306 – openssl: certificate message OOB reads
https://notcve.org/view.php?id=CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_srvr.c. Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 57%CPEs: 1EXPL: 1CVE-2016-6305
https://notcve.org/view.php?id=CVE-2016-6305
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. La función ssl3_read_bytes en record/rec_layer_s3.c en OpenSSL 1.1.0 en versiones anteriores a 1.1.0a permite a atacantes remotos provocar una denegación de servicio (bucle infinito) desencadenando un registro de longitud cero en una llamada SSL_peek. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www. • CWE-20: Improper Input Validation •