Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-1787 | 2.6 |
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a Clien
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0291 | 5.0 |
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message durin
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0209 | 6.8 |
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corrup
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0208 | 4.3 |
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0288 | 5.0 |
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) v
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0290 | 5.0 |
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial o
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0286 | 5.0 |
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of ser
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0285 | 4.3 |
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffin
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0292 | 7.5 |
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corru
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0287 | 5.0 |
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial o
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0207 | 5.0 |
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic,
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0293 | 5.0 |
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY me
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0289 | 5.0 |
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0204 | 4.3 |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak
|
19-07-2018 - 01:29 | 09-01-2015 - 02:59 |