|
181
|
7.4
5.8
|
HIGH
Network
|
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2014-0224
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.0 1.0.1
|
|
|
1.0.0m 1.0.1h 0.9.8za
|
2024-11-21 11:01
2014-06-06
|
|
|
|
|
182
|
-
4.3
|
MEDIUM
|
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client…
|
NVD-CWE-noinfo
|
CVE-2014-0221
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.0 1.0.1 0.9.8
|
|
|
1.0.0m 1.0.1h 0.9.8za
|
2024-11-21 11:01
2014-06-06
|
|
|
|
|
183
|
-
6.8
|
MEDIUM
|
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, w…
|
CWE-120
Classic Buffer Overflow
|
CVE-2014-0195
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.0 1.0.1 0.9.8
|
|
|
1.0.0m 1.0.1h 0.9.8za
|
2024-11-21 11:01
2014-06-06
|
|
|
|
|
184
|
-
4.3
|
MEDIUM
|
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows …
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-0198
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.0
|
1.0.1g
|
|
|
2024-11-21 11:01
2014-05-06
|
|
|
|
|
185
|
-
4.0
|
MEDIUM
|
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denia…
|
CWE-362
Race Condition
|
CVE-2010-5298
|
cpe:2.3:a:openssl:openssl:*:*
|
|
1.0.1g
|
|
|
2024-11-21 10:22
2014-04-15
|
|
|
|
|
186
|
7.5
5.0
|
HIGH
Network
|
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process …
|
CWE-125
Out-of-bounds Read
|
CVE-2014-0160
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.1
|
|
|
1.0.1g
|
2026-04-22 05:07
2014-04-08
|
|
|
|
|
187
|
-
1.9
|
LOW
|
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0076
|
cpe:2.3:a:openssl:openssl:1.0.0k:* cpe:2.3:a:openssl:openssl:1.0.0j:* cpe:2.3:a:openssl:openssl:1.0.0i:* cpe:2…
|
|
1.0.0l
|
|
|
2024-11-21 11:01
2014-03-25
|
|
|
|
|
188
|
-
4.3
|
MEDIUM
|
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P…
|
CWE-20
Improper Input Validation
|
CVE-2013-4353
|
cpe:2.3:a:openssl:openssl:1.0.1e:* cpe:2.3:a:openssl:openssl:1.0.1d:* cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2…
|
|
|
|
|
2024-11-21 10:55
2014-01-09
|
|
|
|
|
189
|
-
5.8
|
MEDIUM
|
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6450
|
cpe:2.3:a:openssl:openssl:1.0.1e:* cpe:2.3:a:openssl:openssl:1.0.1d:* cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2…
|
|
|
|
|
2024-11-21 10:59
2014-01-02
|
|
|
|
|
190
|
-
4.3
|
MEDIUM
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6449
|
cpe:2.3:a:openssl:openssl:1.0.1d:* cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2…
|
|
1.0.1e
|
|
|
2024-11-21 10:59
2013-12-24
|
|
|
|