CVSS: 7.5EPSS: 13%CPEs: 22EXPL: 0CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
https://notcve.org/view.php?id=CVE-2010-4180
06 Dec 2010 — OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadame... • http://cvs.openssl.org/chngview?cn=20131 •
CVSS: 9.8EPSS: 4%CPEs: 76EXPL: 1CVE-2010-4252
https://notcve.org/view.php?id=CVE-2010-4252
06 Dec 2010 — OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. OpenSSL en versiones anteriores a la 1.0.0c, si J-PAKE está activado, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de saber el secreto c... • http://cvs.openssl.org/chngview?cn=20098 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 45%CPEs: 12EXPL: 0CVE-2010-3864 – OpenSSL TLS extension parsing race condition
https://notcve.org/view.php?id=CVE-2010-3864
17 Nov 2010 — Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Múltiples vulnerabilidades de condición de carrera en ssl/t1_lib.c en OpenSSL v0.9.8f a la v0.9.8o, v1.0.0, y v1.0.0a, cuando la multi-hilo la caché i... • http://blogs.sun.com/security/entry/cve_2010_3864_race_condition • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 1CVE-2010-2939 – OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2939
17 Aug 2010 — Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. Vulnerabilidad de doble liberación en la función ssl3_get_key_exchange en el cliente OpenSSL (ssl/s3_clnt.c) de Op... • https://www.exploit-db.com/exploits/34427 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 18%CPEs: 72EXPL: 0CVE-2010-0742
https://notcve.org/view.php?id=CVE-2010-0742
03 Jun 2010 — The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Vulnerabilidad en la implemtanción "Cryptographic Message Syntax" (CMS) en "crypto/cms/cms_asn1.c" en OpenSSL anterior a v0.9.8o y v1.x anterior a v1.0... • http://cvs.openssl.org/chngview?cn=19693 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 87%CPEs: 8EXPL: 1CVE-2010-0740 – OpenSSL - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0740
26 Mar 2010 — The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. La función ssl3_get_record en ssl/s3_pkt.c en OpenSSL v0.9.8f hasta v0.9.8m permite a atacantes remotos provocar una denegación de servicio (caída) a través de un registro mal form... • https://www.exploit-db.com/exploits/12334 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2009-3245 – openssl: missing bn_wexpand return value checks
https://notcve.org/view.php?id=CVE-2009-3245
05 Mar 2010 — OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. OpenSSL en versiones anterioes a v0.9.8m cuando recibe un valor de retorno NULL de la funcion bn_wexpand hace una llamada a (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, y (4) engines/e_ubsec.c, lo que tiene un impacto ... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2010-0433 – openssl: crash caused by a missing krb5_sname_to_principal() return value check
https://notcve.org/view.php?id=CVE-2010-0433
05 Mar 2010 — The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. La funcion kssl_keytab_is_available en ssl/kssl.c en OpenSSL before v... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 18%CPEs: 71EXPL: 0CVE-2009-4355 – openssl significant memory leak in certain SSLv3 requests (DoS)
https://notcve.org/view.php?id=CVE-2009-4355
14 Jan 2010 — Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Fuga de memoria en la función zlib_stateful_finish en crypto/comp/c_zlib.c en OpenSSL v0.9.8l y anteriores, y v1.0.0 ... • http://cvs.openssl.org/chngview?cn=19068 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 6CVE-2009-3555 – Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
https://notcve.org/view.php?id=CVE-2009-3555
09 Nov 2009 — The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other... • https://www.exploit-db.com/exploits/10071 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •