Vulnerabilities > Openssl
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-16 | CVE-2009-1390 | Improper Authentication vulnerability in Mutt 1.5.19 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
2009-03-27 | CVE-2009-0789 | Numeric Errors vulnerability in Openssl OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. | 5.0 |
2009-03-27 | CVE-2009-0591 | Improper Authentication vulnerability in Openssl 0.9.8H/0.9.8I/0.9.8J The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | 2.6 |
2009-03-27 | CVE-2009-0590 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | 5.0 |
2009-02-20 | CVE-2009-0653 | Improper Authentication vulnerability in Openssl 0.9.6 OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970. | 7.5 |
2009-01-07 | CVE-2008-5077 | Improper Input Validation vulnerability in Openssl OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. | 5.8 |
2008-05-29 | CVE-2008-1672 | NULL Pointer Dereference vulnerability in multiple products OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. | 4.3 |
2008-05-13 | CVE-2008-0166 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | 7.5 |
2007-12-01 | CVE-2007-5502 | Cryptographic Issues vulnerability in Openssl Fips Object Module 1.1.1 The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | 6.4 |
2007-10-13 | CVE-2007-4995 | Numeric Errors vulnerability in Openssl Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |