Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-2181

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-16 Sep, 2016 | 00:00
Updated At-05 Aug, 2024 | 23:17
Rejected At-
Credits

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:16 Sep, 2016 | 00:00
Updated At:05 Aug, 2024 | 23:17
Rejected At:
▼CVE Numbering Authority (CNA)

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/92982
vdb-entry
https://www.tenable.com/security/tns-2016-20
N/A
http://www.splunk.com/view/SP-CAAAPUE
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.html
vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
N/A
http://www.splunk.com/view/SP-CAAAPSV
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
N/A
https://www.tenable.com/security/tns-2016-16
N/A
https://www.tenable.com/security/tns-2016-21
N/A
http://www.securitytracker.com/id/1036690
vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
N/A
https://bto.bluecoat.com/security-advisory/sa132
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
vendor-advisory
http://www.ubuntu.com/usn/USN-3087-1
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
vendor-advisory
http://www.ubuntu.com/usn/USN-3087-2
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
vendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31
mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
vendor-advisory
https://support.f5.com/csp/article/K59298921
N/A
http://www.debian.org/security/2016/dsa-3673
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
vendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
N/A
Hyperlink: http://www.securityfocus.com/bid/92982
Resource:
vdb-entry
Hyperlink: https://www.tenable.com/security/tns-2016-20
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Resource:
vendor-advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036690
Resource:
vdb-entry
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Resource:
vendor-advisory
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Resource:
vendor-advisory
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Resource:
mailing-list
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Resource:
vendor-advisory
Hyperlink: https://support.f5.com/csp/article/K59298921
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Resource:
vendor-advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/92982
vdb-entry
x_transferred
https://www.tenable.com/security/tns-2016-20
x_transferred
http://www.splunk.com/view/SP-CAAAPUE
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-1940.html
vendor-advisory
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
x_transferred
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
x_transferred
http://www.splunk.com/view/SP-CAAAPSV
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_transferred
https://www.tenable.com/security/tns-2016-16
x_transferred
https://www.tenable.com/security/tns-2016-21
x_transferred
http://www.securitytracker.com/id/1036690
vdb-entry
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
x_transferred
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
x_transferred
https://bto.bluecoat.com/security-advisory/sa132
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_transferred
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
vendor-advisory
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-3087-1
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-3087-2
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
vendor-advisory
x_transferred
http://seclists.org/fulldisclosure/2017/Jul/31
mailing-list
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
vendor-advisory
x_transferred
https://support.f5.com/csp/article/K59298921
x_transferred
http://www.debian.org/security/2016/dsa-3673
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
vendor-advisory
x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
x_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
x_transferred
Hyperlink: http://www.securityfocus.com/bid/92982
Resource:
vdb-entry
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-20
Resource:
x_transferred
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource:
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Resource:
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Resource:
x_transferred
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Resource:
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource:
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-16
Resource:
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-21
Resource:
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036690
Resource:
vdb-entry
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_transferred
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Resource:
x_transferred
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Resource:
vendor-advisory
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource:
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Resource:
mailing-list
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.f5.com/csp/article/K59298921
Resource:
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Resource:
x_transferred
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:16 Sep, 2016 | 05:59
Updated At:12 Apr, 2025 | 10:46

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1a
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1b
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1c
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1d
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1e
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1f
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1g
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1h
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1i
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1j
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1k
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1l
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1m
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1n
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1o
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1p
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1q
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1r
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1s
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1t
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2a
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2b
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2c
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2d
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2e
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2f
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2g
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2h
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>linux>>6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>linux>>7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759secalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlsecalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2017/Jul/31secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3673secalert@redhat.com
N/A
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-ensecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlsecalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlsecalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/92982secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036690secalert@redhat.com
N/A
http://www.splunk.com/view/SP-CAAAPSVsecalert@redhat.com
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUEsecalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-3087-2secalert@redhat.com
N/A
https://bto.bluecoat.com/security-advisory/sa132secalert@redhat.com
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfsecalert@redhat.com
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770secalert@redhat.com
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312secalert@redhat.com
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215secalert@redhat.com
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascsecalert@redhat.com
N/A
https://support.f5.com/csp/article/K59298921secalert@redhat.com
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24secalert@redhat.com
N/A
https://www.tenable.com/security/tns-2016-16secalert@redhat.com
Third Party Advisory
https://www.tenable.com/security/tns-2016-20secalert@redhat.com
N/A
https://www.tenable.com/security/tns-2016-21secalert@redhat.com
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2017/Jul/31af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3673af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-enaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/92982af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036690af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.splunk.com/view/SP-CAAAPSVaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUEaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3087-2af854a3a-2127-422b-91ae-364da2661108
N/A
https://bto.bluecoat.com/security-advisory/sa132af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770af854a3a-2127-422b-91ae-364da2661108
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
https://support.f5.com/csp/article/K59298921af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tenable.com/security/tns-2016-16af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.tenable.com/security/tns-2016-20af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tenable.com/security/tns-2016-21af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/92982
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036690
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://support.f5.com/csp/article/K59298921
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2016-20
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/92982
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036690
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.f5.com/csp/article/K59298921
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2016-20
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

582Records found
CVE-2015-0253
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.62% / 90.81%
||
7 Day CHG~0.00%
Published-20 Jul, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.Oracle Corporation
Product-mac_os_x_serversolarishttp_serverlinuxmac_os_xn/a
CVE-2002-0856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.91%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serveroracle9in/a
CVE-2002-0102
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.36%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_web_cachen/a
CVE-2002-0509
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 74.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2002-0566
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.55% / 80.64%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2011-4461
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-4.50% / 88.68%
||
7 Day CHG~0.00%
Published-30 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Action-Not Available
Vendor-mortbayn/aOracle Corporation
Product-sun_storage_common_array_managerjettyn/a
CVE-2002-0386
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-44.08% / 97.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2001-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.62%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2019-0233
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-7.78% / 91.58%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 16:50
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-financial_services_data_integration_hubstrutsmysql_enterprise_monitorfinancial_services_market_risk_measurement_and_managementcommunications_policy_managementApache Struts
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2001-0513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.90% / 74.73%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2019-0210
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.58%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 22:22
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-thriftjboss_enterprise_application_platformcommunications_cloud_native_core_network_slice_selection_functionenterprise_linux_serverApache Thrift
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0222
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.30% / 92.87%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 21:16
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerdebian_linuxenterprise_repositoryidentity_manager_connectorgoldengate_stream_analyticsactivemqe-series_santricity_web_servicesenterprise_manager_base_platformApache ActiveMQ
CVE-2001-0515
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.54% / 66.67%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8idatabase_servern/a
CVE-2011-3566
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-2241
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2011-1473
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-88.68% / 99.48%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2016-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.41% / 97.19%
||
7 Day CHG~0.00%
Published-10 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationCanonical Ltd.
Product-squidlinuxubuntu_linuxn/a
CVE-1999-1068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-http_servern/a
CVE-2016-2105
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-62.17% / 98.29%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)openSUSERed Hat, Inc.Apple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxenterprise_linux_hpc_nodeleapopensusemysqlenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusenterprise_linux_workstationopensslenterprise_linux_hpc_node_eusmac_os_xnode.jsn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3445
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 80.65%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2017-10347
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.22%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2010-0910
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-timesten_in-memory_databasen/a
CVE-2010-0856
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2016-3627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-17 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-icewall_file_managerenterprise_linux_serverenterprise_linux_server_aussolarislibxml2enterprise_linux_eusleapicewall_federation_agentubuntu_linuxenterprise_linux_desktopjboss_core_servicesvm_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2010-0740
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-17.44% / 94.81%
||
7 Day CHG~0.00%
Published-26 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-35620
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2011-0846
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.88%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_java_system_access_manager_policy_agentn/a
CVE-2016-2179
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-18.40% / 94.98%
||
7 Day CHG~0.00%
Published-16 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxn/a
CVE-2010-0074
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-07 Aug, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2018-7185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.47% / 93.65%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 20:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Synology, Inc.Hewlett Packard Enterprise (HPE)NetApp, Inc.Oracle Corporation
Product-fujitsu_m12-2vs960hd_firmwarefujitsu_m12-2_firmwarefujitsu_m10-4fujitsu_m10-1_firmwarediskstation_managerfujitsu_m12-2subuntu_linuxntpfujitsu_m10-1fujitsu_m10-4_firmwarefujitsu_m10-4svs960hdhpux-ntpfujitsu_m12-1virtual_diskstation_managerfujitsu_m12-2s_firmwarefujitsu_m12-1_firmwarefujitsu_m10-4s_firmwaresolidfirerouter_managerskynashcin/a
CVE-2019-0190
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-24.87% / 95.94%
||
7 Day CHG+1.85%
Published-30 Jan, 2019 | 22:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

Action-Not Available
Vendor-OpenSSLThe Apache Software FoundationOracle Corporation
Product-http_serveropensslinstantis_enterprisetrackretail_xstore_point_of_servicehospitality_guest_accessenterprise_manager_ops_centerApache HTTP Server
CVE-2011-0806
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-windowsdatabase_servern/a
CVE-2011-0014
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.73% / 81.65%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2016-2106
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-64.19% / 98.36%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Action-Not Available
Vendor-n/aRed Hat, Inc.OpenSSL
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationopenssln/a
CVE-2016-2109
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-57.62% / 98.08%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Action-Not Available
Vendor-n/aRed Hat, Inc.OpenSSL
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationopenssln/a
CVE-2016-2180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.38% / 88.52%
||
7 Day CHG~0.00%
Published-01 Aug, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-4416
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-2.08% / 83.27%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2009-4355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.72% / 94.01%
||
7 Day CHG~0.00%
Published-14 Jan, 2010 | 19:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Action-Not Available
Vendor-n/aOpenSSLRed Hat, Inc.
Product-openssln/a
CWE ID-CWE-399
Not Available
CVE-2010-4424
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.11% / 77.21%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.0 through 8.49.29, 8.50.0 through 8.50.14, and 8.51.0 through 8.51.04 allows remote attackers to affect availability via unknown vectors related to the Security sub-component.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisepeoplesoft_and_jdedwards_product_suiten/a
CVE-2010-3833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.28% / 91.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CVE-2017-3295
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.88% / 85.76%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2012-0072
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.87% / 74.32%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2016-0797
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-37.66% / 97.08%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)OpenSSLDebian GNU/LinuxCanonical Ltd.
Product-openssldebian_linuxnode.jsubuntu_linuxn/a
CVE-2016-0677
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.9||MEDIUM
EPSS-1.04% / 76.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-databasen/a
CVE-2016-0501
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_global_desktopn/a
CVE-2010-1849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-07 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CVE-2010-0872
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-3.67% / 87.42%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2009-2625
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-0.43% / 61.79%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 15:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxFedora ProjectThe Apache Software FoundationopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxprimavera_p6_enterprise_project_portfolio_managementlinux_enterprise_serverdebian_linuxxerces2_javaopensusefedoraprimavera_web_servicesjdkn/a
CVE-2009-1377
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.51% / 87.14%
||
7 Day CHG~0.00%
Published-19 May, 2009 | 19:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1378
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-12.39% / 93.63%
||
7 Day CHG~0.00%
Published-19 May, 2009 | 19:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Action-Not Available
Vendor-n/aCanonical Ltd.OpenSSL
Product-ubuntu_linuxopenssln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found