Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.

altlinux 5

nessus 45

f5 1

prion 1

ubuntucve 1

cve 1

freebsd 2

debiancve 1

osv 4

veracode 1

alpinelinux 1

ibm 69

openvas 30

redhat 5

oraclelinux 2

suse 11

amazon 1

centos 1

fedora 3

cloudfoundry 1

freebsd_advisory 1

archlinux 2

ubuntu 2

debian 2

mageia 1

aix 1

arista 1

gentoo 1

fortinet 1

slackware 1

altlinux

Security fix for the ALT Linux 9 package openssl10 version 1.0.2h-alt2

2016-06-08 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2h-alt2

2016-06-08 00:00:00

Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2h-alt2

2016-06-08 00:00:00

nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K53084033)

2017-06-09 00:00:00

FreeBSD : OpenSSL -- vulnerability in DSA signing (6f0529e2-2e82-11e6-b2ec-b499baebfeaf)

2016-06-10 00:00:00

Arista Networks EOS Multiple Vulnerabilities (SA0024) (SWEET32)

2018-02-28 00:00:00

K53084033 : OpenSSL vulnerability CVE-2016-2178

2016-07-14 00:00:00

prion

Crlf injection

2016-06-20 01:59:00

ubuntucve

CVE-2016-2178

2016-06-19 00:00:00

cve

CVE-2016-2178

2016-06-20 01:59:00

freebsd

OpenSSL -- vulnerability in DSA signing

2016-06-09 00:00:00

OpenSSL -- multiple vulnerabilities

2016-09-22 00:00:00

debiancve

CVE-2016-2178

2016-06-20 01:59:00

osv

CVE-2016-2178

2016-06-20 01:59:00

openssl - regression update

2016-09-22 00:00:00

openssl - security update

2016-09-25 00:00:00

veracode

Timing Attacks

2017-01-26 07:29:41

alpinelinux

CVE-2016-2178

2016-06-20 01:59:00

ibm

Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

2018-06-18 00:28:35

Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2177, CVE-2016-2178).

2023-02-28 01:48:51

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2016-2177, CVE-2016-2178)

2023-04-14 14:32:25

openvas

OpenSSL Multiple Vulnerabilities - 19 (Jun 2016) - Windows

2016-06-29 00:00:00

OpenSSL Multiple Vulnerabilities -19 (Jun 2016) - Linux

2016-06-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:2470-1)

2021-06-09 00:00:00

redhat

(RHSA-2017:1658) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update

2017-06-28 19:58:57

(RHSA-2017:1659) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update

2017-06-28 19:59:12

(RHSA-2017:0194) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7

2017-01-25 19:53:20

oraclelinux

openssl security update

2016-10-13 00:00:00

openssl security update

2016-09-27 00:00:00

suse

Security update for nodejs4 (important)

2016-10-06 20:14:21

Security update for nodejs4 (important)

2016-11-01 16:19:35

Security update for nodejs (important)

2016-10-11 19:20:03

amazon

Medium: openssl

2016-10-12 17:00:00

centos

openssl security update

2016-09-28 14:48:04

fedora

[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23

2016-10-11 23:24:05

[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24

2016-09-28 01:57:16

[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25

2016-10-09 03:28:42

cloudfoundry

USN-3087-2 OpenSSL Regression | Cloud Foundry

2016-09-28 00:00:00

freebsd_advisory

FreeBSD-SA-16:26.openssl

2016-09-23 00:00:00

archlinux

[ASA-201609-23] openssl: multiple issues

2016-09-26 00:00:00

[ASA-201609-24] lib32-openssl: multiple issues

2016-09-26 00:00:00

ubuntu

OpenSSL vulnerabilities

2016-09-22 00:00:00

OpenSSL regression

2016-09-23 00:00:00

debian

[SECURITY] [DLA 637-1] openssl security update

2016-09-25 11:55:01

[SECURITY] [DSA 3673-1] openssl security update

2016-09-22 16:50:14

mageia

Updated openssl packages fix security vulnerabilities

2016-10-12 01:12:20

aix

Vulnerabilities in OpenSSL affect AIX

2016-11-14 13:29:26

arista

Security Advisory 0024

2016-10-04 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2016-12-07 00:00:00

fortinet

OpenSSL Security Advisory [22 Sept 2016]

2017-04-03 00:00:00

slackware

[slackware-security] openssl

2016-09-22 18:53:12

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for OPENSSL:CVE-2016-2178