CVSS: 5.9EPSS: 82%CPEs: 60EXPL: 3CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
03 May 2016 — The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una... • https://www.exploit-db.com/exploits/39768 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 48%CPEs: 61EXPL: 0CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2105
03 May 2016 — Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2016-2086 – Gentoo Linux Security Advisory 201612-43
https://notcve.org/view.php?id=CVE-2016-2086
07 Apr 2016 — Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Node.js 0.10.x en versiones anteriores a 0.10.42, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos llevar a cabo ataques de contrabando de peticiones HTTP a través de una cabecera Content-Length HTTP. Multiple vulnera... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 85EXPL: 1CVE-2016-2216 – Gentoo Linux Security Advisory 201612-43
https://notcve.org/view.php?id=CVE-2016-2216
11 Feb 2016 — The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. El código de interpretacción de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versión 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones ... • https://packetstorm.news/files/id/135711 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2015-8027 – Gentoo Linux Security Advisory 201612-43
https://notcve.org/view.php?id=CVE-2015-8027
02 Jan 2016 — Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegaci... • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 58%CPEs: 32EXPL: 1CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
03 Dec 2015 — crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RS... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3194 • CWE-476: NULL Pointer Dereference •