Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/openssl@1.0.1e-42.el6_7?arch=5
Typerpm
Namespaceredhat
Nameopenssl
Version1.0.1e-42.el6_7
Qualifiers
arch 5
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-41jv-azph-dyat
vulnerability_id VCID-41jv-azph-dyat
summary The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0799.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0799.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0799
reference_id
reference_type
scores
0
value 0.43537
scoring_system epss
scoring_elements 0.97583
published_at 2026-06-04T12:55:00Z
1
value 0.43537
scoring_system epss
scoring_elements 0.97588
published_at 2026-06-05T12:55:00Z
2
value 0.43537
scoring_system epss
scoring_elements 0.9759
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0799
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1312219
reference_id 1312219
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1312219
10
reference_url https://security.gentoo.org/glsa/201603-15
reference_id GLSA-201603-15
reference_type
scores
url https://security.gentoo.org/glsa/201603-15
11
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
12
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
13
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
14
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
15
reference_url https://usn.ubuntu.com/2914-1/
reference_id USN-2914-1
reference_type
scores
url https://usn.ubuntu.com/2914-1/
fixed_packages
aliases CVE-2016-0799
risk_score 0.7
exploitability 0.5
weighted_severity 1.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41jv-azph-dyat
1
url VCID-6ckn-3rv4-abhh
vulnerability_id VCID-6ckn-3rv4-abhh
summary The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2842.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2842.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2842
reference_id
reference_type
scores
0
value 0.54295
scoring_system epss
scoring_elements 0.98066
published_at 2026-06-04T12:55:00Z
1
value 0.54295
scoring_system epss
scoring_elements 0.98068
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2842
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1314757
reference_id 1314757
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1314757
9
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
10
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
11
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
12
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
fixed_packages
aliases CVE-2016-2842
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ckn-3rv4-abhh
2
url VCID-7a92-nbqm-2fgb
vulnerability_id VCID-7a92-nbqm-2fgb
summary The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2107.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2107.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2107
reference_id
reference_type
scores
0
value 0.79963
scoring_system epss
scoring_elements 0.9913
published_at 2026-06-05T12:55:00Z
1
value 0.79963
scoring_system epss
scoring_elements 0.99132
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2107
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1331426
reference_id 1331426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1331426
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/39768.txt
reference_id CVE-2016-2107
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/39768.txt
10
reference_url http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
reference_id CVE-2016-2107
reference_type exploit
scores
url http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
11
reference_url https://security.gentoo.org/glsa/201612-16
reference_id GLSA-201612-16
reference_type
scores
url https://security.gentoo.org/glsa/201612-16
12
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
13
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
14
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
15
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
16
reference_url https://usn.ubuntu.com/2959-1/
reference_id USN-2959-1
reference_type
scores
url https://usn.ubuntu.com/2959-1/
fixed_packages
aliases CVE-2016-2107
risk_score 7.0
exploitability 2.0
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7a92-nbqm-2fgb
3
url VCID-bsb3-4ph2-1bhg
vulnerability_id VCID-bsb3-4ph2-1bhg
summary Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2106.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2106.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2106
reference_id
reference_type
scores
0
value 0.67349
scoring_system epss
scoring_elements 0.98582
published_at 2026-06-04T12:55:00Z
1
value 0.67349
scoring_system epss
scoring_elements 0.98584
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2106
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1331536
reference_id 1331536
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1331536
9
reference_url https://security.gentoo.org/glsa/201612-16
reference_id GLSA-201612-16
reference_type
scores
url https://security.gentoo.org/glsa/201612-16
10
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
11
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
12
reference_url https://access.redhat.com/errata/RHSA-2016:1648
reference_id RHSA-2016:1648
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1648
13
reference_url https://access.redhat.com/errata/RHSA-2016:1649
reference_id RHSA-2016:1649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1649
14
reference_url https://access.redhat.com/errata/RHSA-2016:1650
reference_id RHSA-2016:1650
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1650
15
reference_url https://access.redhat.com/errata/RHSA-2016:2056
reference_id RHSA-2016:2056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2056
16
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
17
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
18
reference_url https://usn.ubuntu.com/2959-1/
reference_id USN-2959-1
reference_type
scores
url https://usn.ubuntu.com/2959-1/
fixed_packages
aliases CVE-2016-2106
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsb3-4ph2-1bhg
4
url VCID-sq4p-ecxr-2qc8
vulnerability_id VCID-sq4p-ecxr-2qc8
summary The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2109.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2109.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2109
reference_id
reference_type
scores
0
value 0.57944
scoring_system epss
scoring_elements 0.98213
published_at 2026-06-04T12:55:00Z
1
value 0.57944
scoring_system epss
scoring_elements 0.98216
published_at 2026-06-05T12:55:00Z
2
value 0.57944
scoring_system epss
scoring_elements 0.98217
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2109
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1330101
reference_id 1330101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1330101
9
reference_url https://security.gentoo.org/glsa/201612-16
reference_id GLSA-201612-16
reference_type
scores
url https://security.gentoo.org/glsa/201612-16
10
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
11
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
12
reference_url https://access.redhat.com/errata/RHSA-2016:2056
reference_id RHSA-2016:2056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2056
13
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
14
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
15
reference_url https://usn.ubuntu.com/2959-1/
reference_id USN-2959-1
reference_type
scores
url https://usn.ubuntu.com/2959-1/
fixed_packages
aliases CVE-2016-2109
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4p-ecxr-2qc8
5
url VCID-wmmk-t96u-e3cu
vulnerability_id VCID-wmmk-t96u-e3cu
summary Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2105.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2105.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2105
reference_id
reference_type
scores
0
value 0.45502
scoring_system epss
scoring_elements 0.97679
published_at 2026-06-04T12:55:00Z
1
value 0.45502
scoring_system epss
scoring_elements 0.97683
published_at 2026-06-05T12:55:00Z
2
value 0.45502
scoring_system epss
scoring_elements 0.97684
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2105
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1331441
reference_id 1331441
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1331441
9
reference_url https://security.gentoo.org/glsa/201612-16
reference_id GLSA-201612-16
reference_type
scores
url https://security.gentoo.org/glsa/201612-16
10
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
11
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
12
reference_url https://access.redhat.com/errata/RHSA-2016:1648
reference_id RHSA-2016:1648
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1648
13
reference_url https://access.redhat.com/errata/RHSA-2016:1649
reference_id RHSA-2016:1649
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1649
14
reference_url https://access.redhat.com/errata/RHSA-2016:1650
reference_id RHSA-2016:1650
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1650
15
reference_url https://access.redhat.com/errata/RHSA-2016:2056
reference_id RHSA-2016:2056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2056
16
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
17
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
18
reference_url https://usn.ubuntu.com/2959-1/
reference_id USN-2959-1
reference_type
scores
url https://usn.ubuntu.com/2959-1/
fixed_packages
aliases CVE-2016-2105
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmmk-t96u-e3cu
6
url VCID-zmk4-zgkk-7kdh
vulnerability_id VCID-zmk4-zgkk-7kdh
summary The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2108.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2108.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2108
reference_id
reference_type
scores
0
value 0.36957
scoring_system epss
scoring_elements 0.97243
published_at 2026-06-04T12:55:00Z
1
value 0.36957
scoring_system epss
scoring_elements 0.97247
published_at 2026-06-05T12:55:00Z
2
value 0.36957
scoring_system epss
scoring_elements 0.97248
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2108
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1331402
reference_id 1331402
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1331402
9
reference_url https://security.gentoo.org/glsa/201612-16
reference_id GLSA-201612-16
reference_type
scores
url https://security.gentoo.org/glsa/201612-16
10
reference_url https://access.redhat.com/errata/RHSA-2016:0722
reference_id RHSA-2016:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0722
11
reference_url https://access.redhat.com/errata/RHSA-2016:0996
reference_id RHSA-2016:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0996
12
reference_url https://access.redhat.com/errata/RHSA-2016:1137
reference_id RHSA-2016:1137
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1137
13
reference_url https://access.redhat.com/errata/RHSA-2016:2056
reference_id RHSA-2016:2056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2056
14
reference_url https://access.redhat.com/errata/RHSA-2016:2073
reference_id RHSA-2016:2073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2073
15
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
16
reference_url https://access.redhat.com/errata/RHSA-2017:0193
reference_id RHSA-2017:0193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0193
17
reference_url https://access.redhat.com/errata/RHSA-2017:0194
reference_id RHSA-2017:0194
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0194
18
reference_url https://usn.ubuntu.com/2959-1/
reference_id USN-2959-1
reference_type
scores
url https://usn.ubuntu.com/2959-1/
fixed_packages
aliases CVE-2016-2108
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmk4-zgkk-7kdh
Fixing_vulnerabilities
Risk_score7.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1.0.1e-42.el6_7%3Farch=5