Vulnerabilities (CVE)

Vendor filter

Openssl Subscribe

Filter

204 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-3194 4 Openssl, Oracle, Canonical and 1 more 4 Mysql, Openssl, Ubuntu Linux and 1 more 2019-02-07 5.0
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation...
CVE-2016-0800 2 Openssl, Pulsesecure 3 Client, Steel Belted Radius, Openssl 2018-11-30 4.3
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for...
CVE-2015-1793 2 Openssl, Oracle 4 Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family, Supply Chain Products Suite and 1 more 2018-11-30 6.4
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote...
CVE-2015-1787 1 Openssl 1 Openssl 2018-11-29 2.6
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a...
CVE-2015-0291 1 Openssl 1 Openssl 2018-11-29 5.0
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message...
CVE-2015-0290 1 Openssl 1 Openssl 2018-11-29 5.0
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a...
CVE-2015-0285 1 Openssl 1 Openssl 2018-11-29 4.3
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by...
CVE-2015-0208 1 Openssl 1 Openssl 2018-11-29 4.3
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via...
CVE-2015-0207 1 Openssl 1 Openssl 2018-11-29 5.0
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS...
CVE-2016-2107 6 Hp, Openssl, Google and 3 more 14 Leap, Openssl, Enterprise Linux Desktop and 11 more 2018-10-30 2.6
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack...
CVE-2003-0851 2 Cisco, Openssl 5 Css11000 Content Services Switch, Ios, Pix Firewall and 2 more 2018-10-30 5.0
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
CVE-2004-0079 23 Openssl, Bluecoat, Lite and 20 more 66 Vsu, Okena Stormwatch, Openssl and 63 more 2018-10-30 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2004-0112 23 Openssl, Bluecoat, Lite and 20 more 65 Vsu, Okena Stormwatch, Openssl and 62 more 2018-10-30 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash)...
CVE-2004-0081 23 Openssl, Bluecoat, Lite and 20 more 66 Vsu, Okena Stormwatch, Openssl and 63 more 2018-10-30 5.0
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2003-0147 3 Stunnel, Openssl, Openpkg 3 Stunnel, Openpkg, Openssl 2018-10-19 5.0
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2)...
CVE-2003-0131 1 Openssl 1 Openssl 2018-10-19 7.5
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using...
CVE-2006-2940 1 Openssl 1 Openssl 2018-10-18 7.8
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates...
CVE-2006-2937 1 Openssl 1 Openssl 2018-10-18 7.8
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
CVE-2006-4343 3 Openssl, Canonical, Debian 3 Openssl, Ubuntu Linux, Debian Linux 2018-10-17 4.3
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVE-2006-4339 1 Openssl 1 Openssl 2018-10-17 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA...