CVSS: 10.0EPSS: 41%CPEs: 2EXPL: 0CVE-2003-0545
https://notcve.org/view.php?id=CVE-2003-0545
01 Oct 2003 — Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Vulnerabilidad de doble liberación (de memoria) en OpenSSL 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante un certificado de cliente SSL con una cierta condificación ASN.1 no válida. • http://secunia.com/advisories/22249 • CWE-415: Double Free •
CVSS: 7.5EPSS: 88%CPEs: 2EXPL: 1CVE-2003-0543 – OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs
https://notcve.org/view.php?id=CVE-2003-0543
01 Oct 2003 — Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. Desbordamiento de enteros en OpenSSL 0.9.6 y 0.9.7 permite a atacantes remotos causar una denegación de servicio (caída) mediante un certificado SSL de cliente con ciertos valores en la etiqueta ASN.1. • https://www.exploit-db.com/exploits/146 •
CVSS: 7.5EPSS: 23%CPEs: 11EXPL: 0CVE-2003-0131
https://notcve.org/view.php?id=CVE-2003-0131
21 Mar 2003 — The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." Los componentes SSL y TLS de OpenSSL 0.9.6i y anteriores, y 0.9.7a permite a atacantes remot... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc •
CVSS: 7.5EPSS: 2%CPEs: 35EXPL: 0CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
18 Mar 2003 — OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt •
CVSS: 5.9EPSS: 2%CPEs: 18EXPL: 1CVE-2003-0078 – OpenSSL 0.9.x - CBC Error Information Leakage
https://notcve.org/view.php?id=CVE-2003-0078
03 Mar 2003 — ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." ssl3_get_record en s3_ptk.c de OpenSSL anteriores a 0.9.7a y 0.9.6 anteriores ... • https://www.exploit-db.com/exploits/22264 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 74%CPEs: 34EXPL: 1CVE-2002-0656 – Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow
https://notcve.org/view.php?id=CVE-2002-0656
31 Jul 2002 — Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. Desbordamiento de búfer en OpenSSL 0.9.6d y anteriores, y 0.9.7-beta2 y anteriores, permite a atacantes remotos ejecutar código arbitrario mediante una clave maestra de cliente larga en SSL2 o un ID de sesión largo en SSL3 • https://www.exploit-db.com/exploits/40347 •
CVSS: 7.5EPSS: 12%CPEs: 34EXPL: 1CVE-2002-0659 – OpenSSL - ASN.1 Parsing
https://notcve.org/view.php?id=CVE-2002-0659
31 Jul 2002 — The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. La librería ASN1 de Open SSL 0.9.6d y anterior, y 0.9.7-beta2 y anterior, permite que atacantes remotos provoquen una denegación de servicio por medio de codificaciones inválidas. • https://www.exploit-db.com/exploits/23199 •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 0CVE-2002-0655
https://notcve.org/view.php?id=CVE-2002-0655
31 Jul 2002 — OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. OpenSSL 0.9.6.d y anteriores, y 0.9.7-beta2 y anteriores, no manejan adecuadamente las representaciones ASCII de enteros en plataformas de 64 bits, lo que podría permitir a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2001-1141
https://notcve.org/view.php?id=CVE-2001-1141
10 Jul 2001 — The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc •