0.9.6h

DATE	CVE	VULNERABILITY TITLE	RISK
2006-09-05	CVE-2006-4339	Cryptographic Issues vulnerability in Openssl OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. network openssl CWE-310	4.3
2005-09-16	CVE-2005-2946	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. network low complexity openssl canonical CWE-327	7.5
2005-05-26	CVE-2005-1797	Unspecified vulnerability in Openssl The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations. network high complexity openssl	5.1
2005-02-09	CVE-2004-0975	The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. local low complexity mandrakesoft openssl gentoo	2.1
2004-11-23	CVE-2004-0081	OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. network low complexity cisco symantec hp avaya freebsd openbsd redhat sco apple 4d checkpoint lite neoteris novell openssl sgi stonesoft vmware bluecoat securecomputing dell tarantella sun	5.0
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5
2003-12-01	CVE-2003-0851	Remote Denial Of Service vulnerability in OpenSSL ASN.1 Large Recursion OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. network low complexity cisco openssl	5.0
2003-03-31	CVE-2003-0147	OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). network low complexity openpkg openssl stunnel	5.0
2003-03-24	CVE-2003-0131	Unspecified vulnerability in Openssl The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." network low complexity openssl	7.5