Filtered by vendor Openssl
Subscribe
Total
255 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0891 | 1 Openssl | 1 Openssl | 2024-11-21 | 4.3 MEDIUM | N/A |
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0166 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | |||||
CVE-2007-5502 | 1 Openssl | 1 Fips Object Module | 2024-11-21 | 6.4 MEDIUM | N/A |
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | |||||
CVE-2007-5135 | 1 Openssl | 1 Openssl | 2024-11-21 | 6.8 MEDIUM | N/A |
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. | |||||
CVE-2007-4995 | 1 Openssl | 1 Openssl | 2024-11-21 | 9.3 HIGH | N/A |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-3108 | 1 Openssl | 1 Openssl | 2024-11-21 | 1.2 LOW | N/A |
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | |||||
CVE-2006-7250 | 1 Openssl | 1 Openssl | 2024-11-21 | 5.0 MEDIUM | N/A |
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. | |||||
CVE-2006-4343 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2024-11-21 | 4.3 MEDIUM | N/A |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | |||||
CVE-2006-4339 | 1 Openssl | 1 Openssl | 2024-11-21 | 4.3 MEDIUM | N/A |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
CVE-2006-3738 | 1 Openssl | 1 Openssl | 2024-11-21 | 10.0 HIGH | N/A |
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. | |||||
CVE-2006-2940 | 1 Openssl | 1 Openssl | 2024-11-21 | 7.8 HIGH | N/A |
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | |||||
CVE-2006-2937 | 1 Openssl | 1 Openssl | 2024-11-21 | 7.8 HIGH | N/A |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | |||||
CVE-2005-2969 | 1 Openssl | 1 Openssl | 2024-11-21 | 5.0 MEDIUM | N/A |
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | |||||
CVE-2005-2946 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. | |||||
CVE-2005-1797 | 1 Openssl | 1 Openssl | 2024-11-20 | 5.1 MEDIUM | N/A |
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. | |||||
CVE-2004-0975 | 3 Gentoo, Mandrakesoft, Openssl | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-11-20 | 2.1 LOW | N/A |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-11-20 | 5.0 MEDIUM | N/A |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | |||||
CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2024-11-20 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
CVE-2003-0851 | 2 Cisco, Openssl | 5 Css11000 Content Services Switch, Ios, Pix Firewall and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |