CVSS: 4.7EPSS: 0%CPEs: 96EXPL: 0CVE-2014-0076 – Slackware Security Advisory - openssl Updates
https://notcve.org/view.php?id=CVE-2014-0076
25 Mar 2014 — The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. La implementación de la escala Montgomery en OpenSSL hasta la versión 1.0.0l no asegura que ciertas operaciones de intercambio tengan un comportamiento constante en el tiempo, lo que facilita a usuarios locales obtener nonces ECDSA a través de un ataque de caché de ... • http://advisories.mageia.org/MGASA-2014-0165.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 60%CPEs: 25EXPL: 0CVE-2013-6449 – openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm
https://notcve.org/view.php?id=CVE-2013-6449
23 Dec 2013 — The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. La función ssl_get_algorithm2 en ssl/s3_lib.c en OpenSSL anterior a v1.0.2 obtiene un cierto número de versión de una estructura de datos incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de tr... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 5%CPEs: 95EXPL: 0CVE-2013-0166 – openssl: DoS due to improper handling of OCSP response verification
https://notcve.org/view.php?id=CVE-2013-0166
08 Feb 2013 — OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificación de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NUL... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 92%CPEs: 13EXPL: 2CVE-2011-1473 – RSA BSAFE SSL-J DoS / Disclosure
https://notcve.org/view.php?id=CVE-2011-1473
16 Jun 2012 — OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within... • https://github.com/zjt674449039/cve-2011-1473 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 99EXPL: 0CVE-2012-2333 – openssl: record length handling integer underflow
https://notcve.org/view.php?id=CVE-2012-2333
14 May 2012 — Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS ... • http://cvs.openssl.org/chngview?cn=22538 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 6%CPEs: 91EXPL: 3CVE-2012-2110 – OpenSSL - ASN1 BIO Memory Corruption
https://notcve.org/view.php?id=CVE-2012-2110
19 Apr 2012 — The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. La función asn1_d2i_read_bio en OpenSSL antes de v0.9.8v, en v1.0.0 antes de v1.0.0i y en v1.0.1 an... • https://www.exploit-db.com/exploits/18756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 9%CPEs: 86EXPL: 0CVE-2012-1165 – openssl: mime_param_cmp NULL dereference crash
https://notcve.org/view.php?id=CVE-2012-1165
15 Mar 2012 — The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. La función mime_param_cmp en crypto/asn1/asn_mime.c en OpenSSL anteriores v0.9.8u y v1.x v1.0.0h permite atacantes remotos provocar una denegación de servicio (desreferenciación de punterio NULL y caída de aplicación) a través de men... • http://cvs.openssl.org/chngview?cn=22252 • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 66EXPL: 0CVE-2012-0884 – openssl: CMS and PKCS#7 Bleichenbacher attack
https://notcve.org/view.php?id=CVE-2012-0884
13 Mar 2012 — The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. La implementación de Cryptographic Message Syntax (CMS) y PKCS #7 de OpenSSL anteriores a 0.9.8u y 1.x anteriores a 1.0.0h no restringe apropiadamente un determinado uso de información posterior ("oracle ... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 4%CPEs: 73EXPL: 0CVE-2006-7250 – openssl: mime_hdr_cmp NULL dereference crash
https://notcve.org/view.php?id=CVE-2006-7250
29 Feb 2012 — The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. La función mime_hdr_cmp en crypto/asn1/asn_mime.c en OpenSSL v0.9.8t y anteriores permite a atacantes remotos causar una denegación de servicio (desreferencia a puntero nulo y caída de la aplicación) a través de un mensaje S/MIME modificado para tal fin. Multiple vulnerabilities have been found in... • http://cvs.openssl.org/chngview?cn=22144 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2011-4354
https://notcve.org/view.php?id=CVE-2011-4354
27 Jan 2012 — crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. crypto/bn/bn_nist.c en OpenSSL anterior a v0.9.8h en plataformas de 32 bits, como se utiliza en stunnel y otros productos, en... • http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip • CWE-310: Cryptographic Issues •