CVSS: 10.0EPSS: 32%CPEs: 35EXPL: 0CVE-2016-0799 – OpenSSL: Fix memory issues in BIO_*printf functions
https://notcve.org/view.php?id=CVE-2016-0799
01 Mar 2016 — The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. La función fmtstr en crypto/bio/b_print.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 89%CPEs: 34EXPL: 1CVE-2016-0800 – SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://notcve.org/view.php?id=CVE-2016-0800
01 Mar 2016 — The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. El protocolo SSLv2, como se utiliza en OpenSSL en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g y otros productos requiere... • https://github.com/anthophilee/A2SV--SSL-VUL-Scan • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •