Lucene search
K

159 matches found

Positive Technologies
Positive Technologies
added 2020/01/24 12:0 a.m.7 views

PT-2021-3610

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1i and below OpenSSL versions 1.0.2x and below Description The issue is related to the functions EVP CipherUpdate, EVP EncryptUpdate, and EVP DecryptUpdate in OpenSSL, which may overflow the output length argument when the...

7.5CVSS6.4AI score0.50732EPSS
Exploits0References322
OSV
OSV
added 2019/09/10 5:15 p.m.2 views

ALPINE-CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

4.7CVSS7AI score0.01188EPSS
Exploits0References1
OSV
OSV
added 2019/04/23 4:29 p.m.9 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS7AI score
Exploits0References18
OSV
OSV
added 2019/04/23 4:29 p.m.2 views

UBUNTU-CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS5.8AI score0.06201EPSS
Exploits0References15
OSV
OSV
added 2019/03/06 9:29 p.m.4 views

UBUNTU-CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.5AI score0.05701EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2018/12/08 12:0 a.m.54 views

[ASA-201812-6] lib32-openssl: private key recovery

Arch Linux Security Advisory ASA-201812-6 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-0735 Package : lib32-openssl Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-793 Summary ======= The package...

5.9CVSS1.5AI score0.12154EPSS
Exploits0References8
Kitploit
Kitploit
added 2018/10/27 12:28 p.m.225 views

testssl.sh - Testing TLS/SSL Encryption Anywhere On Any Port

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux, OSX/Darwin...

7.2AI score
Exploits0References6
OSV
OSV
added 2018/03/27 9:29 p.m.5 views

ALPINE-CVE-2018-0733

Because of an implementation bug the PA-RISC CRYPTOmemcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security...

5.9CVSS6.7AI score0.08606EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/01/11 12:0 a.m.8 views

PT-2018-3641 · Openssl +11 · Openssl +11

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1 through 1.1.1j MySQL Server versions 5.7.33 and earlier, 8.0.23 and earlier Description: The issue is related to a NULL pointer dereference in OpenSSL TLS servers when a maliciously crafted renegotiation ClientHello...

10CVSS6.2AI score0.99999EPSS
Exploits227References883
OSV
OSV
added 2017/05/04 7:29 p.m.3 views

ALPINE-CVE-2017-3732

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

5.9CVSS8.5AI score0.15934EPSS
Exploits1References1
OSV
OSV
added 2016/05/05 1:59 a.m.4 views

ALPINE-CVE-2016-2106

Integer overflow in the EVPEncryptUpdate function in crypto/evp/evpenc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of data...

7.5CVSS7.1AI score0.27261EPSS
Exploits1References1
CNVD
CNVD
added 2016/03/02 12:0 a.m.3 views

OpenSSL Cross-Protocol Attack Vulnerability

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. Cross-protocol...

5.9CVSS7.7AI score0.82112EPSS
Exploits2References1
OSV
OSV
added 2015/06/02 12:0 a.m.5 views

UBUNTU-CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

6.8CVSS7.2AI score0.15968EPSS
Exploits0References4
OSV
OSV
added 2015/03/19 10:59 p.m.3 views

DEBIAN-CVE-2015-0293

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...

5CVSS8.9AI score0.21247EPSS
Exploits0References1
OSV
OSV
added 2015/03/19 10:59 p.m.10 views

CVE-2015-0289

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

6.4AI score
Exploits0References44
Positive Technologies
Positive Technologies
added 2015/03/19 12:0 a.m.3 views

PT-2015-1686 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a Description: The issue is related to the multi-block feature in the ssl3 write bytes function, which does not properly handle certain non-blocking I/O cases. This can allow remote attackers to cause a...

5CVSS6.7AI score0.07295EPSS
Exploits0References22
Prion
Prion
added 2015/01/09 2:59 a.m.25 views

Null pointer dereference

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake bod...

5CVSS6.9AI score0.22964EPSS
Exploits0References37Affected Software1
Debian CVE
Debian CVE
added 2015/01/09 2:0 a.m.45 views

CVE-2014-3570

The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to...

5CVSS7.2AI score0.2132EPSS
Exploits0
OSV
OSV
added 2015/01/08 12:0 a.m.5 views

UBUNTU-CVE-2014-8275

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion,...

5CVSS6.8AI score0.1653EPSS
Exploits0References3
OSV
OSV
added 2014/10/19 1:55 a.m.2 views

DEBIAN-CVE-2014-3568

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23clnt.c and s23srvr.c...

4.3CVSS9.4AI score0.13976EPSS
Exploits0References1
Rows per page
Query Builder