CVSS: 7.5EPSS: 21%CPEs: 3EXPL: 0CVE-2008-1672 – secadv_20080528.txt
https://notcve.org/view.php?id=CVE-2008-1672
28 May 2008 — OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. OpenSSL 0.9.8f y 0.9.8g permite a atacantes remotos provocar una denegación de servicio (caída) mediante una negociación TLS que omite el Server Key Excahnge y usa "particular cipher suites." Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server n... • http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 0CVE-2008-0891 – secadv_20080528.txt
https://notcve.org/view.php?id=CVE-2008-0891
28 May 2008 — Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. Vulnerabilidad de doble liberación en OpenSSL 0.9.8f y 0.9.8g, cuando las extensiones de nombre de servidor TLS están habilitadas, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete manipulado. ... • http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 8CVE-2008-0166 – OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
https://notcve.org/view.php?id=CVE-2008-0166
13 May 2008 — OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. OpenSSL versión 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de números aleatorios que genera números predecibles, lo que facilita a atacantes remotos la conducción de ataques de adivinaci... • https://www.exploit-db.com/exploits/5622 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 9.8EPSS: 9%CPEs: 6EXPL: 0CVE-2007-4995 – openssl dtls out of order vulnerabilitiy
https://notcve.org/view.php?id=CVE-2007-4995
12 Oct 2007 — Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Un error por un paso en la implementación de DTLS en OpenSSL versiones 0.9.8 anteriores a 0.9.8f, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. All versions of 0.9.8 prior... • http://bugs.gentoo.org/show_bug.cgi?id=195634 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 30%CPEs: 26EXPL: 0CVE-2007-5135 – openssl: SSL_get_shared_ciphers() off-by-one
https://notcve.org/view.php?id=CVE-2007-5135
27 Sep 2007 — Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permit... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3108 – openssl: RSA side-channel attack
https://notcve.org/view.php?id=CVE-2007-3108
08 Aug 2007 — The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. La función BN_from_montgomery en el crypto/bn/bn_mont.c del OpenSSL 0.9.8e y anteriores, no interpreta adecuadamente la multiplicación Montgomery, lo que permite a usuarios locales llevar a cabo ataques por canal colateral (side-channel) y recuperar claves privadas RSA. A flaw in... • http://cvs.openssl.org/chngview?cn=16275 •
CVSS: 7.8EPSS: 4%CPEs: 16EXPL: 0CVE-2006-2937 – openssl ASN.1 DoS
https://notcve.org/view.php?id=CVE-2006-2937
28 Sep 2006 — OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. OpenSSL 0.9.7 en versiones anteriores a 0.9.7l y 0.9.8 en versiones anteriores a 0.9.8d permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de memoria) a través de estructuras ASN.1 mal formadas que desencadenan una condición de error manejada inc... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 12%CPEs: 47EXPL: 0CVE-2006-2940 – openssl public key DoS
https://notcve.org/view.php?id=CVE-2006-2940
28 Sep 2006 — OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. OpenSSL 0.9.7 en versiones anteriores a 0.9.7l, 0.9.8 en versiones anteriores a 0.9.8d y versiones anteriores permite a atacantes provocar una denegación de servicio (consumo de CPU) a través... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 73%CPEs: 16EXPL: 0CVE-2006-3738 – openssl get_shared_ciphers overflow
https://notcve.org/view.php?id=CVE-2006-3738
28 Sep 2006 — Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Desbordamiento de búfer en la función SSL_get_shared_ciphers en OpenSSL 0.9.7 anterior a 0.9.7l, 0.9.8 anterior a 0.9.8d, y versiones anteriores tiene impacto y vectores de ataque no especificados implicando una lista de cifras larga. Potential vulnerabilities have been identified with HP Secure Web... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 11%CPEs: 20EXPL: 3CVE-2006-4343 – OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service
https://notcve.org/view.php?id=CVE-2006-4343
28 Sep 2006 — The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. La función get_server_hello código del cliente SSLv2 en OpenSSL 0.9.7 anterior a 0.9.7l, 0.9.8 anterior a 0.9.8d, y versiones anteriores permite a servidores remotos provocar una denegación de servicio (caída del cliente) mediante vectores desconocidos que... • https://packetstorm.news/files/id/62019 • CWE-476: NULL Pointer Dereference •