CVSS: 5.3EPSS: 94%CPEs: 26EXPL: 5CVE-2015-0204 – openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
https://notcve.org/view.php?id=CVE-2015-0204
09 Jan 2015 — The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. La función ssl3_get_key_exchange en s3_clnt.c en... • https://github.com/AbhishekGhosh/FREAK-Attack-CVE-2015-0204-Testing-Script • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 5.9EPSS: 1%CPEs: 25EXPL: 1CVE-2015-0205 – openssl: DH client certificates accepted without verification
https://notcve.org/view.php?id=CVE-2015-0205
09 Jan 2015 — The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. La función ssl3_get_cert_verify en s3_srvr.c en OpenSSL 1.0.0 anterior a 1.0.0p y 1.0.1 anterior a... • https://github.com/saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 9%CPEs: 26EXPL: 1CVE-2014-8275 – openssl: Fix various certificate fingerprint issues
https://notcve.org/view.php?id=CVE-2014-8275
09 Jan 2015 — OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL anterior a 0.9.8zd, 1.0.0 anterior a 1.0.0p, y 1.0.1 anterior a 1.0.1k no fuerza ciertas limitacione... • https://github.com/uthrasri/Openssl_G2.5_CVE-2014-8275 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 78%CPEs: 1EXPL: 0CVE-2014-3569 – FreeBSD Security Advisory - OpenSSL Updates
https://notcve.org/view.php?id=CVE-2014-3569
24 Dec 2014 — The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. La función ssl23_get_client_hello en s23_srvr.c en OpenSSL 0.9.8zc, 1.0.0... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2014-3568 – HP Security Bulletin HPSBOV03227
https://notcve.org/view.php?id=CVE-2014-3568
15 Oct 2014 — OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL anterior a 0.9.8zc, 1.0.0 anterior a 1.0.0o, y 1.0.1 anterior a 1.0.1j no fuerza correctamente la opción build no-ssl3, lo que permite a atacantes remotos evadir las restricciones de acceso a través de una negociación SSL 3.0, relacionado con s23_cln... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 51%CPEs: 13EXPL: 0CVE-2014-3513 – openssl: SRTP memory leak causes crash when using specially-crafted handshake message
https://notcve.org/view.php?id=CVE-2014-3513
15 Oct 2014 — Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. Fuga de memoria en d1_srtp.c en la extensión DTLS SRTP en OpenSSL 1.0.1 anterior a 1.0.1j permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un mensaje de negociación manipulado. A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 85%CPEs: 34EXPL: 0CVE-2014-3567 – openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
https://notcve.org/view.php?id=CVE-2014-3567
15 Oct 2014 — Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. Fuga de memoria en la función tls_decrypt_ticket en t1_lib.c en OpenSSL anterior a 0.9.8zc, 1.0.0 anterior a 1.0.0o, y 1.0.1 anterior a 1.0.1j permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través d... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc • CWE-20: Improper Input Validation CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.5EPSS: 5%CPEs: 12EXPL: 1CVE-2014-5139 – FreeBSD Security Advisory - OpenSSL Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5139
06 Aug 2014 — The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. La función ssl_set_client_disabled en t1_lib.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a servidores SSL remotos causar una denegación de servicio (referencia a puntero nulo y caída de la ap... • https://github.com/uthrasri/CVE-2014-5139 •
CVSS: 7.5EPSS: 85%CPEs: 59EXPL: 0CVE-2014-3505 – openssl: DTLS packet processing double free
https://notcve.org/view.php?id=CVE-2014-3505
06 Aug 2014 — Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. Vulnerabilidad de doble liberación en d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (caída de apl... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-672: Operation on a Resource after Expiration or Release •