Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-0169 | 2.6 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
|
12-05-2023 - 12:58 | 08-02-2013 - 19:55 | |
CVE-2010-3864 | 7.6 |
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers
|
13-02-2023 - 04:27 | 17-11-2010 - 16:00 | |
CVE-2016-7056 | 2.1 |
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
|
12-02-2023 - 23:25 | 10-09-2018 - 16:29 | |
CVE-2014-0160 | 5.0 |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
|
10-02-2023 - 16:58 | 07-04-2014 - 22:55 | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
09-02-2023 - 16:15 | 21-05-2015 - 00:59 | |
CVE-2016-6306 | 4.3 |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2015-3196 | 4.3 |
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (
|
13-12-2022 - 12:15 | 06-12-2015 - 20:59 | |
CVE-2016-0800 | 4.3 |
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote
|
13-12-2022 - 12:15 | 01-03-2016 - 20:59 | |
CVE-2016-0704 | 4.3 |
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during us
|
13-12-2022 - 12:15 | 02-03-2016 - 11:59 | |
CVE-2014-3470 | 4.3 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
|
16-09-2022 - 19:54 | 05-06-2014 - 21:55 | |
CVE-2020-1971 | 4.3 |
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they
|
29-08-2022 - 20:27 | 08-12-2020 - 16:15 | |
CVE-2017-3738 | 4.3 |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
|
19-08-2022 - 11:49 | 07-12-2017 - 16:29 | |
CVE-2019-1559 | 4.3 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|
19-08-2022 - 11:14 | 27-02-2019 - 23:29 | |
CVE-2017-3731 | 5.0 |
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can
|
16-08-2022 - 13:16 | 04-05-2017 - 19:29 | |
CVE-2010-4180 | 4.3 |
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte
|
04-08-2022 - 19:59 | 06-12-2010 - 21:05 | |
CVE-2019-1551 | 5.0 |
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d
|
19-04-2022 - 15:36 | 06-12-2019 - 18:15 | |
CVE-2019-1543 | 5.8 |
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b
|
31-07-2021 - 08:15 | 06-03-2019 - 21:29 | |
CVE-2019-1563 | 4.3 |
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decryp
|
31-07-2021 - 08:15 | 10-09-2019 - 17:15 | |
CVE-2018-0739 | 4.3 |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
|
20-07-2021 - 23:15 | 27-03-2018 - 21:29 | |
CVE-2017-1000061 | 5.8 |
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
|
14-06-2021 - 18:15 | 17-07-2017 - 13:18 | |
CVE-2015-8631 | 4.0 |
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL pr
|
02-02-2021 - 19:15 | 13-02-2016 - 02:59 | |
CVE-2002-2443 | 5.0 |
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a for
|
02-02-2021 - 18:44 | 29-05-2013 - 14:29 | |
CVE-2013-1416 | 4.0 |
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s
|
02-02-2021 - 18:40 | 19-04-2013 - 11:44 | |
CVE-2013-1415 | 5.0 |
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors
|
02-02-2021 - 18:39 | 05-03-2013 - 05:05 | |
CVE-2018-5407 | 1.9 |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
|
18-09-2020 - 16:58 | 15-11-2018 - 21:29 | |
CVE-2019-8324 | 6.8 |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadabl
|
24-08-2020 - 17:37 | 17-06-2019 - 19:15 | |
CVE-2019-8325 | 5.0 |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
|
19-08-2020 - 19:01 | 17-06-2019 - 19:15 | |
CVE-2014-9422 | 6.1 |
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obta
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-4345 | 8.5 |
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authe
|
21-01-2020 - 15:46 | 14-08-2014 - 05:01 | |
CVE-2010-4020 | 3.5 |
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the smal
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-1322 | 6.5 |
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of s
|
21-01-2020 - 15:46 | 07-10-2010 - 21:00 | |
CVE-2011-1529 | 7.8 |
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of servic
|
21-01-2020 - 15:46 | 20-10-2011 - 21:55 | |
CVE-2011-0285 | 10.0 |
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service
|
21-01-2020 - 15:46 | 15-04-2011 - 00:55 | |
CVE-2012-1015 | 9.3 |
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for
|
21-01-2020 - 15:46 | 06-08-2012 - 16:55 | |
CVE-2011-0282 | 5.0 |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted princi
|
21-01-2020 - 15:46 | 10-02-2011 - 18:00 | |
CVE-2011-0284 | 7.6 |
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (dae
|
21-01-2020 - 15:46 | 20-03-2011 - 02:00 | |
CVE-2015-7575 | 4.3 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
|
30-10-2018 - 16:27 | 09-01-2016 - 02:59 | |
CVE-2013-6450 | 5.8 |
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a differe
|
09-10-2018 - 19:34 | 01-01-2014 - 16:05 | |
CVE-2011-1530 | 6.8 |
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted
|
09-10-2018 - 19:31 | 08-12-2011 - 20:55 | |
CVE-2012-1165 | 5.0 |
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulne
|
13-01-2018 - 02:29 | 15-03-2012 - 17:55 | |
CVE-2016-2842 | 10.0 |
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memo
|
05-01-2018 - 02:30 | 03-03-2016 - 20:59 | |
CVE-2015-3216 | 4.3 |
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause
|
05-01-2018 - 02:30 | 07-07-2015 - 10:59 | |
CVE-2012-2110 | 7.5 |
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de
|
05-01-2018 - 02:29 | 19-04-2012 - 17:55 | |
CVE-2012-2333 | 6.8 |
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified
|
05-01-2018 - 02:29 | 14-05-2012 - 22:55 | |
CVE-2014-3511 | 4.3 |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
|
15-11-2017 - 02:29 | 13-08-2014 - 23:55 | |
CVE-2014-3567 | 7.1 |
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
|
15-11-2017 - 02:29 | 19-10-2014 - 01:55 | |
CVE-2015-0206 | 5.0 |
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2011-0014 | 5.0 |
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake mes
|
19-09-2017 - 01:31 | 19-02-2011 - 01:00 | |
CVE-2011-4619 | 5.0 |
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
|
23-08-2016 - 02:04 | 06-01-2012 - 01:55 | |
CVE-2011-3207 | 5.0 |
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
|
26-03-2014 - 04:22 | 22-09-2011 - 10:55 |