CVSS: 6.1EPSS: 9%CPEs: 59EXPL: 0CVE-2008-5077 – OpenSSL Incorrect checks for malformed signatures
https://notcve.org/view.php?id=CVE-2008-5077
07 Jan 2009 — OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. OpenSSL 0.9.8i y versiones anteriores no comprueba correctamente el valor de retorno de la función EVP_VerifyFinal, lo que permite a atacantes remotos evitar la validación de la cadena del certificado a través de una firma SSL/TLS mal formada para las claves DSA y ECDSA. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 14%CPEs: 3EXPL: 2CVE-2008-1678 – httpd: mod_ssl per-connection memory leak for connections with zlib compression
https://notcve.org/view.php?id=CVE-2008-1678
10 Jul 2008 — Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. Fuga de memoria en la Función zlib_stateful_init en crypto/comp/c_zlib.c en libssl en OpenSSL v0.9.8f a la 0.9.8h, permite a atacantes remotos causar una denegación de servicio (consu... • http://bugs.gentoo.org/show_bug.cgi?id=222643 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 12%CPEs: 3EXPL: 0CVE-2008-1672
https://notcve.org/view.php?id=CVE-2008-1672
29 May 2008 — OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. OpenSSL 0.9.8f y 0.9.8g permite a atacantes remotos provocar una denegación de servicio (caída) mediante una negociación TLS que omite el Server Key Excahnge y usa "particular cipher suites." • http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 0CVE-2008-0891
https://notcve.org/view.php?id=CVE-2008-0891
29 May 2008 — Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. Vulnerabilidad de doble liberación en OpenSSL 0.9.8f y 0.9.8g, cuando las extensiones de nombre de servidor TLS están habilitadas, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete manipulado. ... • http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 20%CPEs: 6EXPL: 8CVE-2008-0166 – OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
https://notcve.org/view.php?id=CVE-2008-0166
13 May 2008 — OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. OpenSSL versión 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de números aleatorios que genera números predecibles, lo que facilita a atacantes remotos la conducción de ataques de adivinaci... • https://www.exploit-db.com/exploits/5622 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •
CVSS: 9.8EPSS: 36%CPEs: 6EXPL: 0CVE-2007-4995 – openssl dtls out of order vulnerabilitiy
https://notcve.org/view.php?id=CVE-2007-4995
13 Oct 2007 — Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Un error por un paso en la implementación de DTLS en OpenSSL versiones 0.9.8 anteriores a 0.9.8f, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 201404... • http://bugs.gentoo.org/show_bug.cgi?id=195634 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 75%CPEs: 26EXPL: 0CVE-2007-5135 – openssl: SSL_get_shared_ciphers() off-by-one
https://notcve.org/view.php?id=CVE-2007-5135
27 Sep 2007 — Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permit... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3108 – openssl: RSA side-channel attack
https://notcve.org/view.php?id=CVE-2007-3108
08 Aug 2007 — The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. La función BN_from_montgomery en el crypto/bn/bn_mont.c del OpenSSL 0.9.8e y anteriores, no interpreta adecuadamente la multiplicación Montgomery, lo que permite a usuarios locales llevar a cabo ataques por canal colateral (side-channel) y recuperar claves privadas RSA. Multiple ... • http://cvs.openssl.org/chngview?cn=16275 •
CVSS: 10.0EPSS: 96%CPEs: 16EXPL: 0CVE-2006-3738 – openssl get_shared_ciphers overflow
https://notcve.org/view.php?id=CVE-2006-3738
28 Sep 2006 — Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Desbordamiento de búfer en la función SSL_get_shared_ciphers en OpenSSL 0.9.7 anterior a 0.9.7l, 0.9.8 anterior a 0.9.8d, y versiones anteriores tiene impacto y vectores de ataque no especificados implicando una lista de cifras larga. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •