Max CVSS 7.5 Min CVSS 2.6 Total Count9
IDCVSSSummaryLast (major) updatePublished
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2013-0166 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2012-2333 6.8
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified
22-08-2016 - 22:05 14-05-2012 - 18:55
CVE-2012-2110 7.5
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de
22-08-2016 - 22:05 19-04-2012 - 13:55
CVE-2012-1165 5.0
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulne
22-08-2016 - 22:05 15-03-2012 - 13:55
CVE-2012-0884 5.0
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Millio
22-08-2016 - 22:05 12-03-2012 - 23:12
CVE-2006-7250 5.0
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
22-08-2016 - 21:59 29-02-2012 - 06:55
CVE-2012-2686 5.0
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
17-01-2014 - 00:06 08-02-2013 - 14:55
CVE-2011-1945 2.6
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it
05-06-2013 - 23:10 31-05-2011 - 16:55
Back to Top Mark selected
Back to Top