Lucene search
K

159 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

OpenSSL ASN1 BIO Memory Corruption Vulnerability

No description provided by source. Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...

7.5CVSS0.2AI score0.48298EPSS
Exploits8
OSV
OSV
added 2014/06/05 12:0 p.m.5 views

UBUNTU-CVE-2014-0195

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

6.8CVSS7.3AI score0.99977EPSS
Exploits4References4
OSV
OSV
added 2014/01/01 4:5 p.m.3 views

DEBIAN-CVE-2013-6450

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service...

5.8CVSS9.1AI score0.14542EPSS
Exploits1References1
OSV
OSV
added 2013/02/08 7:55 p.m.7 views

CVE-2013-0166

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service NULL pointer dereference and application crash via an invalid key...

7.3AI score
Exploits0References27
RedHat Linux
RedHat Linux
added 2012/09/24 3:52 p.m.3 views

openssl: asn1_d2i_read_bio integer errors leading to buffer overflow

The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service memory corruption or possibly have...

7.5CVSS7.2AI score0.48298EPSS
Exploits8References5
RedHat Linux
RedHat Linux
added 2012/01/24 8:59 p.m.7 views

openssl: SGC restart DoS attack

The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors...

5CVSS7.3AI score0.16645EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2010/03/05 12:0 a.m.9 views

PT-2010-1086 · Openssl +2 · Openssl +2

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8n OpenSSL versions prior to 1.0.0e Description: The issue is related to the kssl keytab is available function in OpenSSL, which, when Kerberos is enabled but Kerberos configuration files cannot be opened, does n...

10CVSS7.8AI score0.87264EPSS
Exploits23References92
RedHat Linux
RedHat Linux
added 2009/09/02 8:0 a.m.4 views

openssl: mime_hdr_cmp NULL dereference crash

The mimehdrcmp function in crypto/asn1/asnmime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted S/MIME message...

5CVSS7.2AI score0.06989EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/07/31 2:26 p.m.7 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/08/13 2:16 p.m.6 views

openssl public key DoS

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

7.8CVSS6.9AI score0.04903EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2008/05/13 12:0 a.m.3 views

PT-2008-1041 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8c-1 through 0.9.8g-9 Description: The issue concerns a random number generator in OpenSSL that generates predictable numbers, making it easier for remote attackers to conduct brute force guessing attacks against...

7.8CVSS6.2AI score0.70721EPSS
Exploits7References43
RedHat Linux
RedHat Linux
added 2006/09/28 11:46 p.m.5 views

openssl get_shared_ciphers overflow

Buffer overflow in the SSLgetsharedciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers...

10CVSS7AI score0.48575EPSS
Exploits1References4
Cisco
Cisco
added 2006/09/05 5:39 p.m.35 views

OpenSSL RSA Signature Forgery Vulnerability

OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards...

6.4CVSS7AI score0.00781EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.4 views

openssl mitm downgrade attack

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...

5CVSS6.6AI score0.04866EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2004/03/17 5:20 p.m.5 views

security flaw

The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...

7.5CVSS7.4AI score0.09537EPSS
Exploits0References4
OSV
OSV
added 2003/11/17 5:0 a.m.2 views

DEBIAN-CVE-2003-0543

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service crash via an SSL client certificate with certain ASN.1 tag values...

5CVSS7.1AI score0.24647EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/10/03 12:0 a.m.52 views

CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations Original issue date: October 1, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected OpenSSL versions prior to 0.9.7c and 0.9.6...

10CVSS0.7AI score0.85449EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2002/08/08 9:20 a.m.5 views

security flaw

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via 1 a large client master key in SSL2 or 2 a large session ID in SSL3...

7.5CVSS6.2AI score0.8982EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 1970/01/01 12:0 a.m.8 views

PT-2009-6750 · Openssl +3 · Openssl +4

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8q OpenSSL versions 1.0.x prior to 1.0.0c openssl-devel-0.9.7a openssl-0.9.7a compat-openssl097g compat-openssl097g-32bit openssl prior to version 1.0.0e Description: The issue involves multiple vulnerabilities i...

10CVSS7.4AI score0.99999EPSS
Exploits36References244
Rows per page
Query Builder