CVE-2011-1945
- EPSS 3.43%
- Veröffentlicht 31.05.2011 20:55:05
- Zuletzt bearbeitet 16.06.2026 23:30:26
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it...
- EPSS 9.85%
- Veröffentlicht 19.02.2011 01:00:01
- Zuletzt bearbeitet 16.06.2026 23:26:37
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake mes...
CVE-2008-7270
- EPSS 3.43%
- Veröffentlicht 06.12.2010 22:30:31
- Zuletzt bearbeitet 16.06.2026 23:03:57
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing ...
CVE-2010-4252
- EPSS 8.08%
- Veröffentlicht 06.12.2010 21:05:49
- Zuletzt bearbeitet 16.06.2026 23:24:26
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending cra...
CVE-2010-4180
- EPSS 9.5%
- Veröffentlicht 06.12.2010 21:05:48
- Zuletzt bearbeitet 16.06.2026 23:24:18
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte...
CVE-2010-3864
- EPSS 22.15%
- Veröffentlicht 17.11.2010 16:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:42
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers ...
CVE-2010-2939
- EPSS 9.98%
- Veröffentlicht 17.08.2010 20:00:03
- Zuletzt bearbeitet 16.06.2026 23:21:47
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (cras...
CVE-2010-0742
- EPSS 7.83%
- Veröffentlicht 03.06.2010 14:30:01
- Zuletzt bearbeitet 16.06.2026 23:16:45
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid ...
CVE-2010-1633
- EPSS 2.39%
- Veröffentlicht 03.06.2010 14:30:01
- Zuletzt bearbeitet 16.06.2026 23:18:45
RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass int...
- EPSS 20.35%
- Veröffentlicht 26.03.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:45
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi...