Search CVE reports


Toggle filters

111 – 120 of 279 results


CVE-2016-2182

Low priority

Some fixes available 9 of 10

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2181

Low priority

Some fixes available 9 of 10

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2180

Low priority

Some fixes available 9 of 11

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2179

Low priority

Some fixes available 9 of 10

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption)...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2178

Low priority

Some fixes available 9 of 11

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2177

Low priority

Some fixes available 9 of 11

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2176

Negligible priority
Not affected

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl
openssl098
Show less packages

CVE-2016-2109

Medium priority

Some fixes available 10 of 11

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short...

2 affected packages

openssl098, openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl098 Not in release
openssl Fixed
Show less packages

CVE-2016-2108

High priority

Some fixes available 10 of 11

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-2107

High priority

Some fixes available 10 of 11

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages