Lucene search
K

195 matches found

OpenSSL
OpenSSL
added 2013/02/04 12:0 a.m.74 views

Vulnerability in OpenSSL - SSL, TLS and DTLS Plaintext Recovery Attack

A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could lead to plaintext recovery by exploiting timing differences arising during MAC processing. Found by Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London...

6.7AI score0.35584EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.31 views

Mandriva Update for openssl MDVSA-2012:073 (openssl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8CVSS8.2AI score0.28154EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2011/09/22 12:0 a.m.24 views

CVE-2011-3210

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service daemon crash via out-of-order messages that violate t...

5CVSS7.1AI score0.04561EPSS
Exploits0References2
OSV
OSV
added 2004/11/23 5:0 a.m.2 views

DEBIAN-CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that causes an...

5CVSS7AI score0.10424EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.41 views

GLSA-200403-03 : Multiple OpenSSL Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200403-03 Multiple OpenSSL Vulnerabilities Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the dochangecipherspec function. A remote attacker could perform a...

7.5CVSS8.1AI score0.10424EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.40 views

Mandrake Linux Security Advisory : openssl (MDKSA-2004:023)

A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a NULL pointer assignment in the dochangecipherspec function whih could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in...

7.5CVSS8.1AI score0.10424EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.46 views

RHEL 3 : openssl (RHSA-2004:120)

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer SSL v2/v3, Transport Layer Security TLS v1 protocols, and serves as a full-strength general purpose cryptography...

7.5CVSS8.1AI score0.10424EPSS
Exploits0References9
securityvulns
securityvulns
added 2004/04/22 12:0 a.m.28 views

NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-005 ================================= Topic: Denial of service vulnerabilities in OpenSSL Version: NetBSD-current: source prior to March 22, 2004 NetBSD 2.0: branch unaffected, release will include the fix NetBSD 1.6.2: affected...

0.2AI score
Exploits0
Debian CVE
Debian CVE
added 2004/03/18 5:0 a.m.56 views

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that causes an...

5CVSS8.5AI score0.10424EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2004/03/17 10:23 p.m.4 views

Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are now available. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. Testing performe...

7.5CVSS7.5AI score0.10424EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2004/03/17 1:58 p.m.47 views

Important: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer SSL v2/v3, Transport Layer Security TLS v1 protocols, and serves as a full-strength general purpose cryptography...

7.5CVSS7.4AI score0.10424EPSS
Exploits0References4
securityvulns
securityvulns
added 2004/03/17 12:0 a.m.61 views

OpenSSL Security Advisory [17 March 2004]

OpenSSL Security Advisory 17 March 2004 Updated versions of OpenSSL are now available which correct two security issues: 1. Null-pointer assignment during SSL handshake =============================================== Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool...

5CVSS0.5AI score0.10424EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/03/17 12:0 a.m.50 views

Multiple OpenSSL Vulnerabilities

Background The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library...

7.5CVSS7.6AI score0.10424EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2004/03/17 12:0 a.m.3 views

PT-2004-1088 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7a through 0.9.7c Description: The issue is related to the SSL/TLS handshaking code in OpenSSL, which does not properly check the length of Kerberos tickets during a handshake when using Kerberos ciphersuites. This allows...

10CVSS8.1AI score0.10424EPSS
Exploits0References49
RedHat Linux
RedHat Linux
added 2003/03/10 3:18 p.m.33 views

Moderate: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...

5CVSS7.2AI score0.13718EPSS
Exploits0References3
Rows per page
Query Builder