CVSS: 5.9EPSS: 23%CPEs: 4EXPL: 0CVE-2015-0208 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-0208
19 Mar 2015 — The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. La implementación de verificación de firma ASN.1 en la función rsa_item_verify en crypto/rsa/rsa_ameth.c en OpenSSL 1.0.2 anterior a 1.0.2a permite a atacantes remotos causar una ... • http://marc.info/?l=bugtraq&m=143748090628601&w=2 •
CVSS: 5.9EPSS: 6%CPEs: 4EXPL: 0CVE-2015-0285 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-0285
19 Mar 2015 — The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. La función ssl3_client_hello en s3_clnt.c en OpenSSL 1.0.2 anterior a 1.0.2a no asegura que el PRNG está sembrado antes de proceder con una negociación, lo que facilita a atacantes remotos superar los mecan... • http://marc.info/?l=bugtraq&m=143748090628601&w=2 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 8%CPEs: 33EXPL: 0CVE-2015-0289 – openssl: PKCS7 NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-0289
19 Mar 2015 — The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. La implementación PKCS#7 en OpenSSL anterior a 0.9.8zf, 1.0... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 19%CPEs: 4EXPL: 0CVE-2015-0290 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-0290
19 Mar 2015 — The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. La característica multi-block en la función ssl3_write_bytes en s3_pkt.c en OpenSSL 1.0.2 anterior a 1.0.2a en las plataformas x86 de 64 bits con soporte AES NI no maneja correctamente... • http://marc.info/?l=bugtraq&m=143748090628601&w=2 • CWE-17: DEPRECATED: Code •
CVSS: 5.9EPSS: 16%CPEs: 4EXPL: 0CVE-2015-1787 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-1787
19 Mar 2015 — The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. La función ssl3_get_client_key_exchange en s3_srvr.c en OpenSSL 1.0.2 anterior a 1.0.2a, cuando la autenticación del cliente y un suite de cifrado Diffie-Hellman efímero están habilitados, permite a atacantes remotos c... • http://marc.info/?l=bugtraq&m=143748090628601&w=2 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 33EXPL: 0CVE-2015-0209 – openssl: use-after-free on invalid EC private key import
https://notcve.org/view.php?id=CVE-2015-0209
19 Mar 2015 — Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Vulnerabilidad de uso después de liberación en la función d2i_ECPrivateKey en crypto/ec/ec_asn1.c... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 25%CPEs: 33EXPL: 0CVE-2015-0286 – openssl: invalid pointer use in ASN1_TYPE_cmp()
https://notcve.org/view.php?id=CVE-2015-0286
19 Mar 2015 — The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. La función ASN1_TYPE_cmp en crypto/asn1/a_type.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 ante... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 33EXPL: 0CVE-2015-0288 – openssl: X509_to_X509_REQ NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-0288
19 Mar 2015 — The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. La función X509_to_X509_REQ en crypto/x509/x509_req.c en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a podría permitir a atacantes causar una denegación de servicio (referen... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 15%CPEs: 4EXPL: 0CVE-2015-0291 – HP Security Bulletin HPSBMU03380 1
https://notcve.org/view.php?id=CVE-2015-0291
19 Mar 2015 — The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. La implementación sigalgs en t1_lib.c en OpenSSL 1.0.2 anterior a 1.0.2a permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante el uso de una extensión signature_algorithms inváli... • http://marc.info/?l=bugtraq&m=143748090628601&w=2 •
CVSS: 7.5EPSS: 5%CPEs: 33EXPL: 0CVE-2015-0293 – openssl: assertion failure in SSLv2 servers
https://notcve.org/view.php?id=CVE-2015-0293
19 Mar 2015 — The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. La implementación SSLv2 en OpenSSL anterior a 0.9.8zf, 1.0.0 anterior a 1.0.0r, 1.0.1 anterior a 1.0.1m, y 1.0.2 anterior a 1.0.2a permite a atacantes remotos causar una denegación de servicio (fallo de aserción s2_lib.c y salida del demonio) a través de ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •