Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openssl
(Openssl)| Repositories |
• https://github.com/openssl/openssl
• git://git.openssl.org/openssl.git |
| #Vulnerabilities | 246 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2003-03-31 | CVE-2003-0147 | OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | Openpkg, Openssl, Stunnel | N/A | ||
| 2003-03-24 | CVE-2003-0131 | The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." | Openssl | N/A | ||
| 2003-11-17 | CVE-2002-1568 | OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. | Openssl | N/A | ||
| 2002-08-12 | CVE-2002-0659 | The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | Mac_os_x, Openssl, Application_server, Corporate_time_outlook_connector, Http_server | N/A | ||
| 2002-08-12 | CVE-2002-0657 | Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. | Openssl | N/A | ||
| 2002-08-12 | CVE-2002-0656 | Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | Mac_os_x, Openssl, Application_server, Corporate_time_outlook_connector, Http_server | N/A | ||
| 2002-08-12 | CVE-2002-0655 | OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | Mac_os_x, Openssl, Application_server, Corporate_time_outlook_connector, Http_server | N/A | ||
| 2001-07-10 | CVE-2001-1141 | The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. | Openssl, Ssleay | N/A | ||
| 2000-06-12 | CVE-2000-0535 | OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. | Freebsd, Openssl | N/A | ||
| 2017-05-04 | CVE-2017-3730 | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. | Openssl, Agile_engineering_data_management, Communications_application_session_controller, Communications_eagle_lnp_application_processor, Communications_operations_monitor, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security | 7.5 |