Vulnerability & Exploit Database

Displaying entries 1 - 10 of 55 in total

Results for: CVE-2016-0800

FreeBSD: FreeBSD -- Multiple OpenSSL vulnerabilities (FreeBSD-SA-16:12.openssl) (Multiple CVEs) Vulnerability

  • Severity: 10
  • Published: March 03, 2016

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data,...

Amazon Linux AMI: Security patch for openssl (ALAS-2016-661) (multiple CVEs) Vulnerability

  • Severity: 10
  • Published: March 03, 2016

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data,...

Alpine Linux: CVE-2016-0800: openssl Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: March 03, 2016

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding orac...

SUSE: CVE-2016-0800: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: March 01, 2016

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding orac...

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) Vulnerability

  • Severity: 4
  • Published: March 01, 2016

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA paddi...

Palo Alto Networks PAN-SA-2016-0030 (CVE-2016-0800): OpenSSL Vulnerabilities Vulnerability

  • Severity: 4
  • Published: March 01, 2016

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding orac...

Oracle Linux: CVE-2016-0800: ELSA-2016-0372 - openssl098e security update Vulnerability

  • Severity: 4
  • Published: March 01, 2016

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding orac...

RHSA-2016:0302: openssl security update Vulnerability

  • Severity: 5
  • Published: March 01, 2016

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypte...