|
191
|
-
2.6
|
LOW
|
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem…
|
CWE-310
Cryptographic Issues
|
CVE-2013-0169
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.0 0.9.8 1.0.1
|
1.0.0j 0.9.8x 1.0.1d
|
|
|
2024-11-21 10:46
2013-02-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
-
5.0
|
MEDIUM
|
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service …
|
CWE-310
Cryptographic Issues
|
CVE-2013-0166
|
cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2…
|
|
|
|
|
2024-11-21 10:46
2013-02-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
-
5.0
|
MEDIUM
|
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application cr…
|
CWE-310
Cryptographic Issues
|
CVE-2012-2686
|
cpe:2.3:a:openssl:openssl:1.0.1c:* cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2…
|
|
|
|
|
2024-11-21 10:39
2013-02-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
-
4.0
|
MEDIUM
|
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obt…
|
CWE-310
Cryptographic Issues
|
CVE-2011-5095
|
cpe:2.3:a:openssl:openssl:0.9.8:*
|
|
|
|
|
2024-11-21 10:33
2012-06-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
-
5.0
|
MEDIUM
|
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-1473
|
cpe:2.3:a:openssl:openssl:0.9.8x:* cpe:2.3:a:openssl:openssl:0.9.8w:* cpe:2.3:a:openssl:openssl:0.9.8v:* cpe:2…
|
|
0.9.8k
|
|
|
2024-11-21 10:26
2012-06-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
-
6.8
|
MEDIUM
|
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of serv…
|
CWE-189
Numeric Errors
|
CVE-2012-2333
|
cpe:2.3:a:openssl:openssl:1.0.1b:* cpe:2.3:a:openssl:openssl:1.0.1a:* cpe:2.3:a:openssl:openssl:1.0.1:beta3 cp…
|
|
0.9.8w
|
|
|
2024-11-21 10:38
2012-05-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
-
7.5
|
HIGH
|
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly…
|
CWE-189
Numeric Errors
|
CVE-2012-2131
|
cpe:2.3:a:openssl:openssl:0.9.8v:*
|
|
|
|
|
2024-11-21 10:38
2012-04-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
-
7.5
|
HIGH
|
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2110
|
cpe:2.3:a:openssl:openssl:1.0.1:beta2 cpe:2.3:a:openssl:openssl:1.0.1:beta1 cpe:2.3:a:openssl:openssl:1.0.0g:*
|
|
0.9.8u
|
|
|
2024-11-21 10:38
2012-04-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
-
5.0
|
MEDIUM
|
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application cra…
|
CWE-399
Resource Management Errors
|
CVE-2012-1165
|
cpe:2.3:a:openssl:openssl:1.0.0g:* cpe:2.3:a:openssl:openssl:1.0.0f:* cpe:2.3:a:openssl:openssl:1.0.0e:* cpe:2…
|
|
0.9.8t
|
|
|
2024-11-21 10:36
2012-03-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
-
5.0
|
MEDIUM
|
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for conte…
|
CWE-310
Cryptographic Issues
|
CVE-2012-0884
|
cpe:2.3:a:openssl:openssl:1.0.0g:* cpe:2.3:a:openssl:openssl:1.0.0f:* cpe:2.3:a:openssl:openssl:1.0.0e:* cpe:2…
|
|
0.9.8t
|
|
|
2024-11-21 10:35
2012-03-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|