Page 22 of 138 results (0.011 seconds)

CVSS: 4.3EPSS: 13%CPEs: 2EXPL: 0

CVE-2008-0891

https://notcve.org/view.php?id=CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. Vulnerabilidad de doble liberación en OpenSSL 0.9.8f y 0.9.8g, cuando las extensiones de nombre de servidor TLS están habilitadas, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete manipulado. NOTA: Algunos de estos detalles se han obtenido de fuentes de terceros. • http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html http://secunia.com/advisories/30405 http://secunia.com/advisories/30460 http://secunia.com/advisories/30825 http://secunia.com/advisories/30852 http://secunia.com/advisories/30868 http://secunia.com/advisories/31228 http://secunia.com/advisories/31288 http://security.gentoo.org/glsa/glsa-200806-08.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 http://sourceforge.net/project • CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 9%CPEs: 6EXPL: 5

CVE-2008-0166 – OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

https://notcve.org/view.php?id=CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. OpenSSL versión 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de números aleatorios que genera números predecibles, lo que facilita a atacantes remotos la conducción de ataques de adivinación por fuerza bruta contra claves criptográficas. • https://www.exploit-db.com/exploits/5622 https://www.exploit-db.com/exploits/5720 https://www.exploit-db.com/exploits/5632 https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166 http://metasploit.com/users/hdm/tools/debian-openssl http://secunia.com/advisories/30136 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 http:/ • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-5536

https://notcve.org/view.php?id=CVE-2007-5536

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 http://osvdb.org/37894 http://secunia.com/advisories/27265 http://www.securityfocus.com/bid/26093 http://www.vupen.com/english/advisories/2007/3526 https://exchange.xforce.ibmcloud.com/vulnerabilities/37231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5871 •

CVSS: 9.3EPSS: 17%CPEs: 6EXPL: 0

CVE-2007-4995 – openssl dtls out of order vulnerabilitiy

https://notcve.org/view.php?id=CVE-2007-4995

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Un error por un paso en la implementación de DTLS en OpenSSL versiones 0.9.8 anteriores a 0.9.8f, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=195634 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://secunia.com/advisories/25878 http://secunia.com/advisories/27205 http://secunia.com/advisories/27217 http://secunia.com/advisories/27271 http://secunia.com/advisories/27363 http://secunia.com/advisories/27434 http://secunia.com/advisories/27933 http://secunia.com/advisories/280 • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 56%CPEs: 26EXPL: 0

CVE-2007-5135 – openssl: SSL_get_shared_ciphers() off-by-one

https://notcve.org/view.php?id=CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un paquete diseñado que desencadena un subdesbordamiento de búfer de un byte. NOTA: este problema fue introducido como resultado de una corrección para CVE-2006-3738. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/22130 http://secunia.com/advisories/27012 http://secunia.com/advisories/27021 http://secunia.com/advisories/27031 http://secunia.com/advisories/27051 http://s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •