CVE search results

1 – 10 of 18 results

Detailed view

Sort by:

CVE-2010-2939

Medium priority

Some fixes available 5 of 6

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a...

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2007-5536

Low priority

Not affected

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2007-5135

Medium priority

Some fixes available 8 of 11

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. ...

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2007-4995

Low priority

Some fixes available 4 of 7

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2007-3108

Negligible priority

Some fixes available 8 of 11

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2006-4343

Medium priority

Fixed

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a...

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2006-4339

Medium priority

Fixed

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is...

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2006-3738

Medium priority

Fixed

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2006-2940

Medium priority

Fixed

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) “public exponent” or (2) “public modulus” values in...

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

CVE-2006-2937

Medium priority

Fixed

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

2 affected packages

openssl, openssl097

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl097	—	—	—	—

Export to JSON

Results by page:

Search CVE reports