CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2014-3511 – openssl: TLS protocol downgrade attack
https://notcve.org/view.php?id=CVE-2014-3511
06 Aug 2014 — The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. La función ssl23_get_client_hello en s23_srvr.c en OpenSSL 1.0.1 anterior a 1.0.1i permite a atacantes man-in-the-middle forzar el uso de TLS 1.0 mediante la provocación de la fragmentación de men... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-390: Detection of Error Condition Without Action •
CVSS: 5.9EPSS: 1%CPEs: 59EXPL: 0CVE-2014-3508 – openssl: information leak in pretty printing functions
https://notcve.org/view.php?id=CVE-2014-3508
06 Aug 2014 — The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. La función OBJ_obj2txt en crypto/objects/obj_dat.c en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 85%CPEs: 59EXPL: 0CVE-2014-3505 – openssl: DTLS packet processing double free
https://notcve.org/view.php?id=CVE-2014-3505
06 Aug 2014 — Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. Vulnerabilidad de doble liberación en d1_both.c en la implementación DTLS en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a atacantes remotos causar una denegación de servicio (caída de apl... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 85%CPEs: 31EXPL: 0CVE-2014-3512 – FreeBSD Security Advisory - OpenSSL Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-3512
06 Aug 2014 — Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. Múltiples desbordamientos de buffer en crypto/srp/srp_lib.c en la implementación SRP en OpenSSL 1.0.1 anterior a 1.0.1i permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 96%CPEs: 16EXPL: 0CVE-2014-0221 – openssl: DoS when sending invalid DTLS handshake
https://notcve.org/view.php?id=CVE-2014-0221
05 Jun 2014 — The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DT... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 97%CPEs: 16EXPL: 0CVE-2014-3470 – openssl: client-side denial of service when using anonymous ECDH
https://notcve.org/view.php?id=CVE-2014-3470
05 Jun 2014 — The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a... • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 7CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
05 Jun 2014 — OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el proce... • https://packetstorm.news/files/id/180961 • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 7.5EPSS: 95%CPEs: 8EXPL: 3CVE-2014-0195 – OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0195
05 Jun 2014 — The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. La función dtls1_reassemble_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no valida debidamente lon... • https://packetstorm.news/files/id/180495 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 61%CPEs: 13EXPL: 0CVE-2014-0198 – openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
https://notcve.org/view.php?id=CVE-2014-0198
05 May 2014 — The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. La función do_ssl3_write en s3_pkt.c en OpenSSL 1.x hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, no maneja debidamente un puntero de buffer durante ciertas... • http://advisories.mageia.org/MGASA-2014-0204.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 32%CPEs: 8EXPL: 0CVE-2010-5298 – openssl: freelist misuse causing a possible use-after-free
https://notcve.org/view.php?id=CVE-2010-5298
14 Apr 2014 — Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Condición de carrera en la función ssl3_read_bytes en s3_pkt.c en OpenSSL hasta 1.0.1g, cuando SSL_MODE_RELEASE_BUFFERS está habilitado, permite a atacantes remotos inyectar datos a través de sesiones o causar u... • http://advisories.mageia.org/MGASA-2014-0187.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •