
CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •

CVE-2007-4995 – openssl dtls out of order vulnerability
https://notcve.org/view.php?id=CVE-2007-4995
13 Oct 2007 — Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 201404... • http://bugs.gentoo.org/show_bug.cgi?id=195634 • CWE-189: Numeric Errors •

CVE-2007-5135 – openssl: SSL_get_shared_ciphers() off-by-one
https://notcve.org/view.php?id=CVE-2007-5135
27 Sep 2007 — Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-189: Numeric Errors CWE-193: Off-by-one Error •

CVE-2007-3108 – openssl: RSA side-channel attack
https://notcve.org/view.php?id=CVE-2007-3108
08 Aug 2007 — The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. Multiple ... • http://cvs.openssl.org/chngview?cn=16275 •

CVE-2006-3738 – openssl get_shared_ciphers overflow
https://notcve.org/view.php?id=CVE-2006-3738
28 Sep 2006 — Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2006-2937 – openssl ASN.1 DoS
https://notcve.org/view.php?id=CVE-2006-2937
28 Sep 2006 — OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-399: Resource Management Errors •

CVE-2006-2940 – openssl public key DoS
https://notcve.org/view.php?id=CVE-2006-2940
28 Sep 2006 — OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-399: Resource Management Errors •

CVE-2006-4343 – OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service
https://notcve.org/view.php?id=CVE-2006-4343
28 Sep 2006 — The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. • https://www.exploit-db.com/exploits/28726 • CWE-476: NULL Pointer Dereference •

CVE-2006-4339 – openssl signature forgery
https://notcve.org/view.php?id=CVE-2006-4339
05 Sep 2006 — OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-310: Cryptographic Issues •

CVE-2005-2969 – openssl mitm downgrade attack
https://notcve.org/view.php?id=CVE-2005-2969
18 Oct 2005 — The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. • ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf •