CVE-2019-1559
- EPSS 5.05%
- Veröffentlicht 27.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2016-8610
- EPSS 69.1%
- Veröffentlicht 13.11.2017 22:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...
CVE-2015-8960
- EPSS 0.36%
- Veröffentlicht 21.09.2016 02:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a clien...