CVSS: 7.5EPSS: 6%CPEs: 5EXPL: 0CVE-2016-7052 – Gentoo Linux Security Advisory 201612-16
https://notcve.org/view.php?id=CVE-2016-7052
26 Sep 2016 — crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. crypto/x509/x509_vfy.c en OpenSSL 1.0.2i permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) desencadenando una operación CRL. Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less t... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 20%CPEs: 41EXPL: 1CVE-2016-6304 – openssl: OCSP Status Request extension unbounded memory growth
https://notcve.org/view.php?id=CVE-2016-6304
22 Sep 2016 — Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. Múltiples fugas de memoria en t1_lib.c en OpenSSL en versiones anteriores a 1.0.1u, 1.0.2 en versiones anteriores a 1.0.2i y 1.1.0 en versiones anteriores a 1.1.0a permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de grandes extensiones OCSP Statu... • https://packetstorm.news/files/id/139091 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 9%CPEs: 51EXPL: 0CVE-2016-6306 – openssl: certificate message OOB reads
https://notcve.org/view.php?id=CVE-2016-6306
22 Sep 2016 — The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-125: Out-of-bounds Read •