CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2016-2178 – openssl: Non-constant time codepath followed for certain operations in DSA implementation
https://notcve.org/view.php?id=CVE-2016-2178
20 Jun 2016 — The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización ... • http://eprint.iacr.org/2016/594.pdf • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 9.3EPSS: 5%CPEs: 13EXPL: 0CVE-2016-1669 – V8: integer overflow leading to buffer overflow in Zone::New
https://notcve.org/view.php?id=CVE-2016-1669
13 May 2016 — The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. La función Zone::New en zone.cc en Google V8 en versiones anteriores a 5.0.71.47, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, no determina correcta... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 48%CPEs: 61EXPL: 0CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2105
03 May 2016 — Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 82%CPEs: 60EXPL: 3CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
03 May 2016 — The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una... • https://www.exploit-db.com/exploits/39768 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •