Lucene search

Openssl

5 matches found

CVE
added 2013/02/08 7:55 p.m., 12928 views

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct disting...

CVSS 2.6, AI score 6.8, EPSS 0.01291

CVE
added 2015/03/19 10:59 p.m., 104 views

CVE-2015-1787

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

CVSS 2.6, AI score 6.1, EPSS 0.16748

CVE
added 2005/02/09 5:0 a.m., 92 views

CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

CVSS 2.1, AI score 5.4, EPSS 0.00077

CVE
added 2011/05/31 8:55 p.m., 80 views

CVE-2011-1945

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determ...

CVSS 2.6, AI score 6, EPSS 0.04848

CVE
added 2009/03/27 4:30 p.m., 52 views

CVE-2009-0591

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

CVSS 2.6, AI score 6.3, EPSS 0.01797