CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2946
https://notcve.org/view.php?id=CVE-2005-2946
16 Sep 2005 — The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. • http://www.cits.rub.de/MD5Collisions • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2005-1797
https://notcve.org/view.php?id=CVE-2005-1797
26 May 2005 — The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. • http://cr.yp.to/antiforgery/cachetiming-20050414.pdf •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2004-0975
https://notcve.org/view.php?id=CVE-2004-0975
20 Oct 2004 — The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302 •
CVSS: 7.5EPSS: 5%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
18 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
18 Mar 2004 — OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt •
CVSS: 7.5EPSS: 0%CPEs: 245EXPL: 0CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
18 Mar 2004 — The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una dene... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 6%CPEs: 39EXPL: 0CVE-2003-0851
https://notcve.org/view.php?id=CVE-2003-0851
06 Nov 2003 — OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegación de servicio (caída por recursión excesiva) mediante secuencias ASN.1 malformadas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1568
https://notcve.org/view.php?id=CVE-2002-1568
08 Oct 2003 — OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. OpenSSL 0.96e usa aserciones cuando detecta ataques de desbordamineto de búfer en vez de mencanismos menos severos,lo que permite a atacantes remotos causar una dene... • http://cvs.openssl.org/chngview?cn=7659 •
CVSS: 7.5EPSS: 44%CPEs: 2EXPL: 1CVE-2003-0543 – OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
https://notcve.org/view.php?id=CVE-2003-0543
01 Oct 2003 — Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Desbordamiento de enteros en OpenSSL 0.9.6 y 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) mediante un certificado SSL de cliente con ciertos valores en la etiqueta ASN.1. • https://www.exploit-db.com/exploits/146 •
CVSS: 7.5EPSS: 25%CPEs: 2EXPL: 0CVE-2003-0544 – CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes
https://notcve.org/view.php?id=CVE-2003-0544
01 Oct 2003 — OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. OpenSSL 0.9.6 y 0.9.7no lleva bien la cuenta del número de caractéres de ciertas entradas ASN.1, lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante un certifiucado que hace que OpenSSL lea más allá del... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 •