![](/assets/img/cve_300x82_sin_bg.png)
CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo qu... • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-4353 – openssl: client NULL dereference crash on malformed handshake packets
https://notcve.org/view.php?id=CVE-2013-4353
08 Jan 2014 — The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. La función ssl3_take_mac en ssl/s3_both.c en OpenSSL 1.0.1 anterior a 1.0.1f permite a los servidores TLS remotos provocar una denegación de servicio (referencia a un puntero NULL y caída de aplicación) a través de un registro Next Protocol Negotiation modificado en... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=blob_plain%3Bf=CHANGES%3Bhb=refs/heads/OpenSSL_1_0_1-stable • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-6450 – openssl: crash in DTLS renegotiation after packet loss
https://notcve.org/view.php?id=CVE-2013-6450
01 Jan 2014 — The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. La implementación de retransmisión DTLS en OpenSSL través 0.9.8y y 1.x través 1.0.1e no mantiene adecuadamente las estruc... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=34628967f1e65dc8f34e000f0f5518e21afbfc7b • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-6449 – openssl: crash when using TLS 1.2 caused by use of incorrect hash algorithm
https://notcve.org/view.php?id=CVE-2013-6449
23 Dec 2013 — The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. La función ssl_get_algorithm2 en ssl/s3_lib.c en OpenSSL anterior a v1.0.2 obtiene un cierto número de versión de una estructura de datos incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de tr... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ca989269a2876bae79393bd54c3e72d49975fc75 • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-0166 – openssl: DoS due to improper handling of OCSP response verification
https://notcve.org/view.php?id=CVE-2013-0166
08 Feb 2013 — OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. OpenSSL antes de v0.9.8y, v1.0.0 antes de v1.0.0k y v1.0.1 antes de v1.0.1d no realizar correctamente la verificación de firmas para las respuestas OCSP, permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NUL... • http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-0169 – SSL/TLS: CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-0169
08 Feb 2013 — The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se... • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-2686 – OpenSSL TLS 1.1 and 1.2 AES-NI Denial of Service
https://notcve.org/view.php?id=CVE-2012-2686
08 Feb 2013 — crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. crypto/evp/e_aes_cbc_hmac_sha1.c en la funcionalidad AES-NI en el TLS v1.1 y v1.2 en las implementaciones OpenSSL v1.0.1d antes de v1.0.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de los datos de CBC artesanales. Potential security v... • https://packetstorm.news/files/id/180493 • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-2333 – openssl: record length handling integer underflow
https://notcve.org/view.php?id=CVE-2012-2333
14 May 2012 — Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. Desbordamiento de entero en OpenSSL anteriores a v0.9.8x, v1.0.0 anteriores a v1.0.0j, y v1.0.1 anteriores a v1.0.1c, cuando TLS v1.1, TLS v1.2, o DTLS ... • http://cvs.openssl.org/chngview?cn=22538 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-2110 – OpenSSL - ASN1 BIO Memory Corruption
https://notcve.org/view.php?id=CVE-2012-2110
19 Apr 2012 — The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. La función asn1_d2i_read_bio en OpenSSL antes de v0.9.8v, en v1.0.0 antes de v1.0.0i y en v1.0.1 an... • https://www.exploit-db.com/exploits/18756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •