15 matches found

Tenable Nessus
added 2025/03/13 12:0 a.m. | 9 views

Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption (CVE-2016-6307)

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. This plugin onl...

CVSS 5.9 | AI score 7.3 | EPSS 0.13837
Exploits: 0 | References: 4
F5 Networks
added 2023/02/21 7:56 p.m. | 59 views

K09422508: OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308

Security Advisory Description CVE-2016-6307 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to...

CVSS 7.1 | AI score 7.5 | EPSS 0.14067
Exploits: 0
IBM Security Bulletins
added 2019/10/18 3:10 a.m. | 30 views

Security Bulletin: Multiple Vulnerabilities in Glibc, GNU C and OpenSSL affect IBM Netezza Firmware Diagnostics

Summary Glibc, GNU C and OpenSSL are used by IBM Netezza Firmware Diagnostics. IBM Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1234 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a stack-based buffer...

CVSS 7.5 | AI score 1.2 | EPSS 0.41683
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
added 2018/08/08 4:13 a.m. | 38 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cloud Manager. IBM Cloud Manager has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

CVSS 9.8 | AI score 1 | EPSS 0.95707
Exploits: 10 | Affected Software: 1
IBM Security Bulletins
added 2018/06/17 3:32 p.m. | 47 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to...

CVSS 10 | AI score 0.8 | EPSS 0.70223
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:6 p.m. | 42 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...

CVSS 9.8 | AI score 0.7 | EPSS 0.63029
Exploits: 3 | Affected Software: 1
Hacker One
added 2017/04/18 7:41 a.m. | 90 views

Internet Bug Bounty: Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...

CVSS 4.3 | AI score 7.6 | EPSS 0.13837
Exploits: 0
F5 Networks
added 2016/10/19 12:0 a.m. | 66 views

SOL09422508 - OpenSSL vulnerabilities CVE-2016-6302, CVE-2016-6307, and CVE-2016-6308

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 7.5 | AI score 2.6 | EPSS 0.26441
Exploits: 1 | References: 4
Tenable Nessus
added 2016/10/06 12:0 a.m. | 44 views

OpenSSL < 1.1.0a Multiple Vulnerabilities


CVSS 7.8 | AI score 8.1 | EPSS 0.63029
Exploits: 3 | References: 5
Tenable Nessus
added 2016/09/30 12:0 a.m. | 78 views

OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0a advisory. - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of...

CVSS 7.8 | AI score 7.7 | EPSS 0.63029
Exploits: 3 | References: 13
UbuntuCve
added 2016/09/26 7:59 p.m. | 47 views

CVE-2016-6307

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c...

CVSS 5.9 | AI score 6.9 | EPSS 0.13837
Exploits: 0 | References: 2
OpenSSL
added 2016/09/26 12:0 a.m. | 47 views

Vulnerability in OpenSSL - Fix Use After Free for large message sizes

This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a danglin...

AI score 7.9 | EPSS 0.70223
Exploits: 0 | Affected Software: 1
CVE
added 2016/09/26 12:0 a.m. | 96 views

CVE-2016-6307

OpenSSL CVE-2016-6307 (and related CVE-2016-6308) describe a memory-allocation flaw in the 1.1.0 series: the state-machine/dtls1 preprocessing paths allocate memory before checking excessive message length in TLS/DTLS messages, enabling potential denial-of-service via memory consumption. Details ...

CVSS 5.9 | AI score 6.9 | EPSS 0.13837
Exploits: 0 | References: 16 | Affected Software: 1
OpenVAS
added 2016/09/26 12:0 a.m. | 27 views

OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux

OpenSSL is prone to a Denial of Service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

CVSS 7.5 | AI score 7.8 | EPSS 0.15997
Exploits: 1 | References: 1
Slackware Linux
added 2016/09/22 6:53 p.m. | 62 views

[slackware-security] openssl

New openssl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2i-i586-1slack14.2.txz: Upgraded. This update fixes denial-of-service and other security issues. For more...

CVSS 9.8 | AI score 8.2 | EPSS 0.95707
Exploits: 9