Total
254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1141 | 2 Openssl, Ssleay | 2 Openssl, Ssleay | 2023-12-10 | 5.0 MEDIUM | N/A |
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. | |||||
CVE-2002-0657 | 1 Openssl | 1 Openssl | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. | |||||
CVE-2003-0543 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | |||||
CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||||
CVE-2003-0131 | 1 Openssl | 1 Openssl | 2023-12-10 | 7.5 HIGH | N/A |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." | |||||
CVE-2002-1568 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. | |||||
CVE-2000-0535 | 2 Freebsd, Openssl | 2 Freebsd, Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. | |||||
CVE-1999-0428 | 1 Openssl | 1 Openssl | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. | |||||
CVE-2003-0147 | 3 Openpkg, Openssl, Stunnel | 3 Openpkg, Openssl, Stunnel | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | |||||
CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||||
CVE-2002-0656 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | |||||
CVE-2003-0544 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | |||||
CVE-2003-0851 | 2 Cisco, Openssl | 5 Css11000 Content Services Switch, Ios, Pix Firewall and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. | |||||
CVE-2002-0655 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. |