|
151
|
-
5.0
|
MEDIUM
|
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to …
|
NVD-CWE-Other
|
CVE-2015-0289
|
cpe:2.3:a:openssl:openssl:1.0.2:* cpe:2.3:a:openssl:openssl:1.0.1l:* cpe:2.3:a:openssl:openssl:1.0.1k:* cpe:2.…
|
|
0.9.8ze
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
-
5.0
|
MEDIUM
|
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service…
|
NVD-CWE-Other
|
CVE-2015-0288
|
cpe:2.3:a:openssl:openssl:1.0.2:* cpe:2.3:a:openssl:openssl:1.0.1l:* cpe:2.3:a:openssl:openssl:1.0.1k:* cpe:2.…
|
|
0.9.8ze
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
-
5.0
|
MEDIUM
|
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structur…
|
CWE-17
Code
|
CVE-2015-0287
|
cpe:2.3:a:openssl:openssl:1.0.2:* cpe:2.3:a:openssl:openssl:1.0.1l:* cpe:2.3:a:openssl:openssl:1.0.1k:* cpe:2.…
|
|
0.9.8ze
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
-
5.0
|
MEDIUM
|
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, whi…
|
CWE-17
Code
|
CVE-2015-0286
|
cpe:2.3:a:openssl:openssl:1.0.2:* cpe:2.3:a:openssl:openssl:1.0.1l:* cpe:2.3:a:openssl:openssl:1.0.1k:* cpe:2.…
|
|
0.9.8ze
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
-
4.3
|
MEDIUM
|
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to de…
|
CWE-310
Cryptographic Issues
|
CVE-2015-0285
|
cpe:2.3:a:openssl:openssl:1.0.2:beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta1…
|
|
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
-
6.8
|
MEDIUM
|
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote at…
|
NVD-CWE-Other
|
CVE-2015-0209
|
cpe:2.3:a:openssl:openssl:1.0.2:* cpe:2.3:a:openssl:openssl:1.0.1l:* cpe:2.3:a:openssl:openssl:1.0.1k:* cpe:2.…
|
|
0.9.8ze
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
-
4.3
|
MEDIUM
|
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL poi…
|
NVD-CWE-Other
|
CVE-2015-0208
|
cpe:2.3:a:openssl:openssl:1.0.2:beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta1…
|
|
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
-
5.0
|
MEDIUM
|
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of se…
|
NVD-CWE-Other
|
CVE-2015-0207
|
cpe:2.3:a:openssl:openssl:1.0.2:beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta1…
|
|
|
|
|
2024-11-21 11:22
2015-03-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
-
5.0
|
MEDIUM
|
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-0206
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
|
|
|
2024-11-21 11:22
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
-
5.0
|
MEDIUM
|
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a Certific…
|
CWE-310
Cryptographic Issues
|
CVE-2015-0205
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
|
|
|
2024-11-21 11:22
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|