CVE-2005-1797
- EPSS 0.74%
- Veröffentlicht 26.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:42
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
CVE-2004-0975
- EPSS 0.42%
- Veröffentlicht 09.02.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:46
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
CVE-2004-0079
- EPSS 9.54%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:53
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- EPSS 7.23%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:53
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- EPSS 10.42%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:57
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...
- EPSS 5.41%
- Veröffentlicht 01.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:03:04
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
- EPSS 2.73%
- Veröffentlicht 17.11.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:34
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as d...
- EPSS 24.65%
- Veröffentlicht 17.11.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:24
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
- EPSS 6.17%
- Veröffentlicht 17.11.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:24
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh...
- EPSS 85.45%
- Veröffentlicht 17.11.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:02:24
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.