
48 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2006-5639

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.02044
Exploits 0 | References 7
SUSE CVE
added 2023/02/15 6:21 a.m. | 3 views

SUSE CVE-2002-2227

Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value...

CVSS 10 | AI score 6.8 | EPSS 0.02977
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 6:14 a.m. | 3 views

SUSE CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference...

CVSS 4.3 | AI score 7 | EPSS 0.16994
Exploits 10 | References 8
SUSE CVE
added 2023/02/15 6:13 a.m. | 4 views

SUSE CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...

CVSS 6.8 | AI score 9.5 | EPSS 0.5036
Exploits 0 | References 6
SUSE CVE
added 2023/02/15 6:13 a.m. | 3 views

SUSE CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...

CVSS 6.8 | AI score 9.1 | EPSS 0.04335
Exploits 0 | References 6
OSV
added 2021/02/16 5:15 p.m. | 2 views

ALPINE-CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

CVSS 3.7 | AI score 6.6 | EPSS 0.02985
Exploits 0 | References 1
RedHat Linux
added 2018/09/25 7:16 p.m. | 3 views

nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...

CVSS 5.9 | AI score 7.1 | EPSS 0.01496
Exploits 0 | References 6
CNVD
added 2018/08/21 12:0 a.m. | 4 views

Kraftway 24F2XG Router Information Disclosure Vulnerability

The Kraftway 24F2XG Router is a wireless router product from the Russian company Kraftway. A security vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118, which originates from the program's use of SSLv2 and SSLv3. A remote attacker could use this vulnerability t...

CVSS 5.9 | AI score 5.9 | EPSS 0.00787
Exploits 0 | References 1
OSV
added 2018/08/17 2:29 p.m. | 3 views

CVE-2018-15355

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118...

CVSS 5.9 | AI score 5.8 | EPSS 0.00787
Exploits 0 | References 1
RedHat Linux
added 2017/05/30 11:8 a.m. | 2 views

nss: Null pointer dereference when handling empty SSLv2 messages

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library...

CVSS 7.5 | AI score 7.2 | EPSS 0.04302
Exploits 0 | References 4
RedHat Linux
added 2016/07/27 3:28 p.m. | 4 views

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

CVSS 5.9 | AI score 6.8 | EPSS 0.82112
Exploits 2 | References 7
BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the WebSphere Application Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability in the IBM Global Security Kit (GSKit) allows malicious actors to induce a service failure by using a specially crafted handshake during the reestablishment of an SSLv2 session...

CVSS 7.8 | AI score 7.7 | EPSS 0.03159
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2016/03/23 12:0 a.m. | 2 views

The vulnerability of the OpenSSL library, which allows a hacker to decrypt data

The vulnerability in the get_client_master_key function of the s2_srvr.c file, within the SSLv2 implementation using the OpenSSL library, is related to the improper operation of the protection mechanism against prediction attacks. This mechanism incorrectly re-saves the key data before exporting the...

CVSS 4.3 | AI score 6.5 | EPSS 0.06903
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2016/03/23 12:0 a.m. | 2 views

The vulnerability of the OpenSSL library, which allows a hacker to decrypt the transmitted data

The vulnerability of the OpenSSL library lies in the fact that the SSLv2 protocol requires the server to send a message called ServerVerify before establishing a connection. As a result, the client possesses a portion of the RSA public key. Exploiting this vulnerability allows a remote attacker t...

CVSS 4.3 | AI score 7.1 | EPSS 0.82112
Exploits 2 | References 3 | Affected Software 1
RedHat Linux
added 2016/03/22 4:48 p.m. | 3 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits 0 | References 6
RedHat Linux
added 2016/03/22 4:48 p.m. | 3 views

OpenSSL: SSLv2 doesn't block disabled ciphers

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks...

CVSS 5.9 | AI score 6.8 | EPSS 0.10731
Exploits 2 | References 5
RedHat Linux
added 2016/03/14 8:0 p.m. | 5 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits 0 | References 6
RedHat Linux
added 2016/03/09 4:8 a.m. | 5 views

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle...

CVSS 5.9 | AI score 6.8 | EPSS 0.06903
Exploits 0 | References 5
RedHat Linux
added 2016/03/09 4:8 a.m. | 4 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

CVSS 5.9 | AI score 6.8 | EPSS 0.05398
Exploits 1 | References 5
OSV
added 2016/03/02 11:59 a.m. | 2 views

DEBIAN-CVE-2016-0703

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

CVSS 5.9 | AI score 9.3 | EPSS 0.05398
Exploits 1 | References 1