OpenSSL

OpenSSL

262 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-2969

  • EPSS 9.39%
  • Veröffentlicht 18.10.2005 21:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow...

7.5

CVE-2005-2946

  • EPSS 0.19%
  • Veröffentlicht 16.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur...

5.1

CVE-2005-1797

  • EPSS 0.43%
  • Veröffentlicht 26.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

2.1

CVE-2004-0975

  • EPSS 0.08%
  • Veröffentlicht 09.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

7.5

CVE-2004-0079

  • EPSS 2.06%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

5

CVE-2004-0081

  • EPSS 2.27%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5

CVE-2004-0112

  • EPSS 0.67%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

5

CVE-2003-0851

  • EPSS 7.2%
  • Veröffentlicht 01.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

5

CVE-2002-1568

  • EPSS 1.1%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as d...

5

CVE-2003-0543

  • EPSS 43.2%
  • Veröffentlicht 17.11.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.