RSS   Vulnerabilities for 'Openssl'   RSS

2013-02-08
 
CVE-2013-0166

CWE-310
 

 
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

 
2012-05-14
 
CVE-2012-2333

CWE-189
 

 
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

 
2012-04-19
 
CVE-2012-2110

CWE-119
 

 
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

 
2010-01-14
 
CVE-2009-4355

 

 
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

 
2009-06-04
 
CVE-2009-1387

 

 
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

 
 
CVE-2009-1386

 

 
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

 
2004-11-23
 
CVE-2004-0112

CWE-Other
 

 
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

 
 
CVE-2004-0081

CWE-Other
 

 
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

 
 
CVE-2004-0079

CWE-Other
 

 
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

 

 >>> Vendor: Redhat 271 Products
Linux
Enterprise linux
Enterprise linux desktop
Linux powertools
Tmpwatch
Stronghold
Redhat package manager
Docbook stylesheets
Docbook utils
Pre-execution environment
Interchange
Linux advanced workstation
Rhmask
LV
Tcpdump
Analog real-time synthesizer
Kdebase
Kdelibs
Kdelibs devel
Kdelibs sound
Kdelibs sound devel
Wu ftpd
Daredevil skk
Ddskk-xemacs
Up2date
Pam smb
Sendmail
Kernel
Rsync
Bigmem kernel
Kernel doc
Kernel source
Openssl
Sysstat
Gdk pixbuf
LHA
Fedora core
Libpng
Sysreport
Open iscsi
Cluster suite
Network satelite server
Fedora
Conga
Mcstrans
Certificate server
Cairo
Network satellite server
Cygwin
Directory server
Fedora directory server
Nfs utils
Desktop
Enterprise linux desktop workstation
Desktop workstation
Fedora 8
Certificate system
Vsftpd
Adminutil
Enterprise ipa
Freeipa
Jboss enterprise application platform
Initscripts
CMAN
dogtag certificate system
Cluster project
Gfs2-utils
Rgmanager
Dogtag certificate system
Enterprise mrg
Spacewalk-java
Enterprise virtualization
Qspice
KVM
Network satellite
Yum-rhn-plugin
Enterprise virtualization hypervisor
Enterprise virtualization manager
Jboss enterprise service bus
Jboss enterprise soa platform
Evince
Spice-xpi
Spice-activex
LUCI
Icedtea
Jboss enterprise web platform
Jboss remoting
Icedtea-web
Policycoreutils
Libvirt
Jboss seam 2 framework
Policykit
System-config-firewall
System-config-printer
Jboss operations network
Automatic bug reporting tool
SOS
Dtach
Jboss community application server
Mod cluster
See all Products for Vendor Redhat


Copyright 2019, cxsecurity.com

 

Back to Top