|
161
|
-
4.3
|
MEDIUM
|
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and fa…
|
CWE-310
Cryptographic Issues
|
CVE-2015-0204
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
0.9.8zc
|
|
|
2024-11-21 11:22
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
-
5.0
|
MEDIUM
|
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8275
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
0.9.8zc
|
|
|
2024-11-21 11:18
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
-
5.0
|
MEDIUM
|
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigge…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3572
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
0.9.8zc
|
|
|
2024-11-21 11:08
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
-
5.0
|
MEDIUM
|
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message t…
|
NVD-CWE-Other
|
CVE-2014-3571
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
0.9.8zc
|
|
|
2024-11-21 11:08
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
-
5.0
|
MEDIUM
|
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attac…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3570
|
cpe:2.3:a:openssl:openssl:1.0.1j:* cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2…
|
|
0.9.8zc
|
|
|
2024-11-21 11:08
2015-01-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
-
5.0
|
MEDIUM
|
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denia…
|
NVD-CWE-Other
|
CVE-2014-3569
|
cpe:2.3:a:openssl:openssl:1.0.1j:*
|
|
|
|
|
2024-11-21 11:08
2014-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
-
4.3
|
MEDIUM
|
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SS…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3568
|
cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2.3:a:openssl:openssl:1.0.1g:* cpe:2…
|
|
0.9.8zb
|
|
|
2024-11-21 11:08
2014-10-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
-
7.1
|
HIGH
|
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consump…
|
CWE-20 CWE-399
Improper Input Validation Resource Management Errors
|
CVE-2014-3567
|
cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2.3:a:openssl:openssl:1.0.1g:* cpe:2…
|
|
0.9.8zb
|
|
|
2024-11-21 11:08
2014-10-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
-
7.1
|
HIGH
|
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
|
CWE-20
Improper Input Validation
|
CVE-2014-3513
|
cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2.3:a:openssl:openssl:1.0.1g:* cpe:2…
|
|
|
|
|
2024-11-21 11:08
2014-10-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
3.4
4.3
|
LOW
Network
|
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3566
|
cpe:2.3:a:openssl:openssl:1.0.1i:* cpe:2.3:a:openssl:openssl:1.0.1h:* cpe:2.3:a:openssl:openssl:1.0.1g:* cpe:2…
|
|
|
|
|
2024-11-21 11:08
2014-10-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|