Lucene search
+L

89 matches found

OSV
OSV
added 2010/12/06 9:5 p.m.2 views

DEBIAN-CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

4.3CVSS8.6AI score0.09497EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2010/11/15 12:0 a.m.6 views

PT-2010-3075 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.6.x through 10.6.4 Description: The issue is related to improper arithmetic performance in OpenSSL, which can be exploited by remote attackers to bypass X.509 certificate authentication. This can be achieved via an...

9.8CVSS8.8AI score0.01269EPSS
Exploits0References3
OSV
OSV
added 2010/03/26 6:30 p.m.2 views

DEBIAN-CVE-2010-0740

The ssl3getrecord function in ssl/s3pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service crash via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained...

5CVSS8.8AI score0.2035EPSS
Exploits5References1
OSV
OSV
added 2009/05/19 7:30 p.m.2 views

DEBIAN-CVE-2009-1378

Multiple memory leaks in the dtls1processoutofseqmessage function in ssl/d1both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service memory consumption via DTLS records that 1 are duplicates or 2 have sequence numbers much greater than current sequenc...

5CVSS7.6AI score0.12746EPSS
Exploits12References1
RedHat Linux
RedHat Linux
added 2008/05/20 2:15 p.m.7 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS7AI score0.04894EPSS
Exploits1References4
OSV
OSV
added 2006/09/28 6:7 p.m.4 views

DEBIAN-CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

7.8CVSS9.1AI score0.04903EPSS
Exploits1References1
Opera Security Advisories
Opera Security Advisories
added 2006/09/21 12:0 a.m.9 views

A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories

A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories OPCOM Team | September 21, 2006 Summary: A forged SSL server certificate can be accepted by Opera as a valid certificate. Severity: Highly critical Vulnerable versions: Opera for desktop...

5.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2004/03/17 1:58 p.m.7 views

security flaw

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service infinite loop, as demonstrated using the Codenomicon TLS Test Tool...

5CVSS5.8AI score0.07229EPSS
Exploits0References4
FreeBSD Advisory
FreeBSD Advisory
added 2001/07/30 12:0 a.m.7 views

FreeBSD-SA-01:51.openssl

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:51 Security Advisory FreeBSD, Inc. Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG REVISED Category: core Module: openssl Announced: 2001-07-30 Revised: 2001-07-31...

5.8AI score
Exploits0
Rows per page
Query Builder