| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2015-3194 |
4 Openssl, Oracle, Canonical and 1 more |
4 Mysql, Openssl, Ubuntu Linux and 1 more |
2019-02-07 |
5.0 |
| crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation... |
| CVE-2016-0800 |
2 Openssl, Pulsesecure |
3 Client, Steel Belted Radius, Openssl |
2018-11-30 |
4.3 |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for... |
| CVE-2015-1793 |
2 Openssl, Oracle |
4 Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family, Supply Chain Products Suite and 1 more |
2018-11-30 |
6.4 |
| The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote... |
| CVE-2015-1787 |
1 Openssl |
1 Openssl |
2018-11-29 |
2.6 |
| The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a... |
| CVE-2015-0291 |
1 Openssl |
1 Openssl |
2018-11-29 |
5.0 |
| The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message... |
| CVE-2015-0290 |
1 Openssl |
1 Openssl |
2018-11-29 |
5.0 |
| The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a... |
| CVE-2015-0285 |
1 Openssl |
1 Openssl |
2018-11-29 |
4.3 |
| The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by... |
| CVE-2015-0208 |
1 Openssl |
1 Openssl |
2018-11-29 |
4.3 |
| The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via... |
| CVE-2015-0207 |
1 Openssl |
1 Openssl |
2018-11-29 |
5.0 |
| The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS... |
| CVE-2016-2107 |
6 Hp, Openssl, Google and 3 more |
14 Leap, Openssl, Enterprise Linux Desktop and 11 more |
2018-10-30 |
2.6 |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack... |
| CVE-2003-0851 |
2 Cisco, Openssl |
5 Css11000 Content Services Switch, Ios, Pix Firewall and 2 more |
2018-10-30 |
5.0 |
| OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |
| CVE-2004-0079 |
23 Openssl, Bluecoat, Lite and 20 more |
66 Vsu, Okena Stormwatch, Openssl and 63 more |
2018-10-30 |
5.0 |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
| CVE-2004-0112 |
23 Openssl, Bluecoat, Lite and 20 more |
65 Vsu, Okena Stormwatch, Openssl and 62 more |
2018-10-30 |
5.0 |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash)... |
| CVE-2004-0081 |
23 Openssl, Bluecoat, Lite and 20 more |
66 Vsu, Okena Stormwatch, Openssl and 63 more |
2018-10-30 |
5.0 |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
| CVE-2003-0147 |
3 Stunnel, Openssl, Openpkg |
3 Stunnel, Openpkg, Openssl |
2018-10-19 |
5.0 |
| OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2)... |
| CVE-2003-0131 |
1 Openssl |
1 Openssl |
2018-10-19 |
7.5 |
| The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using... |
| CVE-2006-2940 |
1 Openssl |
1 Openssl |
2018-10-18 |
7.8 |
| OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates... |
| CVE-2006-2937 |
1 Openssl |
1 Openssl |
2018-10-18 |
7.8 |
| OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. |
| CVE-2006-4343 |
3 Openssl, Canonical, Debian |
3 Openssl, Ubuntu Linux, Debian Linux |
2018-10-17 |
4.3 |
| The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. |
| CVE-2006-4339 |
1 Openssl |
1 Openssl |
2018-10-17 |
4.3 |
| OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA... |
