Vulnerabilities (CVE)

Vendor filter

Openssl Subscribe

Filter

204 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-3738 1 Openssl 1 Openssl 2018-10-17 10.0
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVE-2007-3108 1 Openssl 1 Openssl 2018-10-16 1.2
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
CVE-2007-5135 1 Openssl 1 Openssl 2018-10-15 6.8
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this...
CVE-2007-4995 1 Openssl 1 Openssl 2018-10-15 9.3
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2008-5077 1 Openssl 1 Openssl 2018-10-11 5.8
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
CVE-2010-5298 1 Openssl 1 Openssl 2018-10-10 4.0
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error)...
CVE-2010-3864 1 Openssl 1 Openssl 2018-10-10 7.6
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that...
CVE-2010-2939 1 Openssl 1 Openssl 2018-10-10 4.3
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service...
CVE-2010-0740 1 Openssl 1 Openssl 2018-10-10 5.0
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor...
CVE-2010-0433 1 Openssl 1 Openssl 2018-10-10 4.3
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of...
CVE-2009-2409 3 Mozilla, Openssl, Gnu 4 Openssl, Nss, Firefox and 1 more 2018-10-10 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof...
CVE-2009-0590 1 Openssl 1 Openssl 2018-10-10 5.0
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an...
CVE-2014-0198 1 Openssl 1 Openssl 2018-10-09 4.3
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service...
CVE-2013-6450 1 Openssl 1 Openssl 2018-10-09 5.8
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a...
CVE-2013-6449 1 Openssl 1 Openssl 2018-10-09 4.3
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
CVE-2018-12433 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a...
CVE-2018-12437 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual...
CVE-2018-12438 11 Botan Project, Cryptlib, Gnupg and 8 more 11 Botan, Cryptlib, Libgcrypt and 8 more 2018-08-09 1.9
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the...
CVE-2013-0166 2 Openssl, Redhat 2 Openssl, Openssl 2018-08-09 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application...
CVE-2012-2686 1 Openssl 1 Openssl 2018-08-09 5.0
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.