Vulnerabilities > Openssl
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-03-13 | CVE-2012-0884 | Cryptographic Issues vulnerability in Openssl. The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. | 5.0 |
2012-01-27 | CVE-2011-4354 | Cryptographic Issues vulnerability in Openssl. crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. | 5.8 |
2012-01-06 | CVE-2012-0027 | Resource Management Errors vulnerability in Openssl. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. | 5.0 |
2012-01-06 | CVE-2011-4619 | Resource Management Errors vulnerability in Openssl. The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | 5.0 |
2012-01-06 | CVE-2011-4577 | Resource Management Errors vulnerability in Openssl. OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. | 4.3 |
2012-01-06 | CVE-2011-4576 | Cryptographic Issues vulnerability in Openssl. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | 5.0 |
2012-01-06 | CVE-2011-4109 | Resource Management Errors vulnerability in Openssl. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. | 9.3 |
2012-01-06 | CVE-2011-4108 | Cryptographic Issues vulnerability in Openssl. The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | 4.3 |
2011-09-22 | CVE-2011-3210 | Resource Management Errors vulnerability in Openssl. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. | 5.0 |
2011-09-22 | CVE-2011-3207 | Permissions, Privileges, and Access Controls vulnerability in Openssl. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. | 5.0 |