|
251
|
7.5
5.0
|
HIGH
Network
|
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2005-2946
|
cpe:2.3:a:openssl:openssl:*:*
|
|
|
|
0.9.8
|
2024-02-9 12:13
2005-09-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
-
5.1
|
MEDIUM
|
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES…
|
NVD-CWE-Other
|
CVE-2005-1797
|
cpe:2.3:a:openssl:openssl:0.9.7d:* cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2…
|
|
|
|
|
2008-09-6 05:50
2005-05-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
-
2.1
|
LOW
|
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
|
NVD-CWE-Other
|
CVE-2004-0975
|
cpe:2.3:a:openssl:openssl:0.9.7d:* cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.6m:* cpe:2…
|
|
|
|
|
2017-10-11 10:29
2005-02-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
-
5.0
|
MEDIUM
|
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test …
|
NVD-CWE-Other
|
CVE-2004-0081
|
cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…
|
|
|
|
|
2021-11-9 00:48
2004-11-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
7.5
5.0
|
HIGH
Network
|
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null…
|
CWE-476
NULL Pointer Dereference
|
CVE-2004-0079
|
cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…
|
|
|
|
|
2023-12-29 00:33
2004-11-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
-
5.0
|
MEDIUM
|
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote at…
|
CWE-125
Out-of-bounds Read
|
CVE-2004-0112
|
cpe:2.3:a:openssl:openssl:0.9.7c:* cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2…
|
|
|
|
|
2024-02-16 05:54
2004-11-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
-
5.0
|
MEDIUM
|
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
|
NVD-CWE-Other
|
CVE-2003-0851
|
cpe:2.3:a:openssl:openssl:0.9.7b:* cpe:2.3:a:openssl:openssl:0.9.7a:* cpe:2.3:a:openssl:openssl:0.9.7:* cpe:2.…
|
|
|
|
|
2018-10-31 01:26
2003-12-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
-
5.0
|
MEDIUM
|
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
|
NVD-CWE-Other
|
CVE-2003-0543
|
cpe:2.3:a:openssl:openssl:0.9.7:* cpe:2.3:a:openssl:openssl:0.9.6:*
|
|
|
|
|
2018-05-3 10:29
2003-11-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
-
5.0
|
MEDIUM
|
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that…
|
NVD-CWE-Other
|
CVE-2003-0544
|
cpe:2.3:a:openssl:openssl:0.9.7:* cpe:2.3:a:openssl:openssl:0.9.6:*
|
|
|
|
|
2018-05-3 10:29
2003-11-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
-
5.0
|
MEDIUM
|
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that c…
|
NVD-CWE-Other
|
CVE-2002-1568
|
cpe:2.3:a:openssl:openssl:0.9.6e:*
|
|
|
|
|
2016-10-18 11:27
2003-11-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|