CVSS: 5.9EPSS: 7%CPEs: 31EXPL: 0CVE-2014-3511 – openssl: TLS protocol downgrade attack
https://notcve.org/view.php?id=CVE-2014-3511
06 Aug 2014 — The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. La función ssl23_get_client_hello en s23_srvr.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a atacantes man-in-the-middle forzar el uso de TLS 1.0 mediante la provocación de la fragmentación de men... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.5EPSS: 74%CPEs: 31EXPL: 0CVE-2014-3512 – FreeBSD Security Advisory - OpenSSL Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-3512
06 Aug 2014 — Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. Múltiples desbordamientos de buffer en crypto/srp/srp_lib.c en la implementación SRP en OpenSSL 1.0.1 anterior a 1.0.1i permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 21%CPEs: 12EXPL: 1CVE-2014-5139 – FreeBSD Security Advisory - OpenSSL Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5139
06 Aug 2014 — The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. La función ssl_set_client_disabled en t1_lib.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a servidores SSL remotos causar una denegación de servicio (referencia a puntero nulo y caída de la ap... • https://github.com/uthrasri/CVE-2014-5139 •
CVSS: 7.5EPSS: 92%CPEs: 16EXPL: 0CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH
https://notcve.org/view.php?id=CVE-2014-3470
05 Jun 2014 — The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 90%CPEs: 8EXPL: 3CVE-2014-0195 – OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0195
05 Jun 2014 — The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. La función dtls1_reassemble_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no valida debidamente lon... • https://packetstorm.news/files/id/180495 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 79%CPEs: 16EXPL: 3CVE-2014-0221 – openssl: DoS when sending invalid DTLS handshake
https://notcve.org/view.php?id=CVE-2014-0221
05 Jun 2014 — The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DT... • https://github.com/chihyeonwon/OpenSSL_DTLS_CVE_2014_0221 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 92%CPEs: 28EXPL: 7CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
05 Jun 2014 — OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el proce... • https://packetstorm.news/files/id/180961 • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 7.5EPSS: 30%CPEs: 13EXPL: 0CVE-2014-0198 – openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
https://notcve.org/view.php?id=CVE-2014-0198
05 May 2014 — The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. La función do_ssl3_write en s3_pkt.c en OpenSSL 1.x hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, no maneja debidamente un puntero de buffer durante ciertas... • http://advisories.mageia.org/MGASA-2014-0204.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2010-5298 – openssl: freelist misuse causing a possible use-after-free
https://notcve.org/view.php?id=CVE-2010-5298
14 Apr 2014 — Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar u... • http://advisories.mageia.org/MGASA-2014-0187.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 94%CPEs: 54EXPL: 84CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo qu... • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •