purl | pkg:openssl/openssl@0.9.6 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-3j45-cwzm-aaam Aliases: CVE-2006-3738 VC-OPENSSL-20060928-CVE-2006-3738 | A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-42ew-ga1t-aaaq Aliases: CVE-2002-0656 VC-OPENSSL-20020730-CVE-2002-0656 | A buffer overflow allowed remote attackers to execute arbitrary code by sending a large client master key in SSL2 or a large session ID in SSL3. | Affected by 13 other vulnerabilities. |
VCID-cs8h-mu82-aaaj Aliases: CVE-2004-0081 VC-OPENSSL-20040317-CVE-2004-0081 | The Codenomicon TLS Test Tool found that some unknown message types were handled incorrectly, allowing a remote attacker to cause a denial of service (infinite loop). | Affected by 15 other vulnerabilities. |
VCID-dfg7-5zwk-aaan Aliases: CVE-2003-0131 VC-OPENSSL-20030319-CVE-2003-0131 | The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." | Affected by 9 other vulnerabilities. Affected by 12 other vulnerabilities. |
VCID-fq9y-x2ae-aaac Aliases: CVE-2003-0147 VC-OPENSSL-20030314-CVE-2003-0147 | RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | Affected by 9 other vulnerabilities. Affected by 12 other vulnerabilities. |
VCID-jpd6-6mb9-aaam Aliases: CVE-2006-2940 VC-OPENSSL-20060928-CVE-2006-2940 | Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-kpn3-up1t-aaar Aliases: CVE-2002-0655 VC-OPENSSL-20020730-CVE-2002-0655 | Improper handling of ASCII representations of integers on 64-bit platforms allowed remote attackers to cause a denial of service or possibly execute arbitrary code. | Affected by 13 other vulnerabilities. |
VCID-p6x2-eazm-aaae Aliases: CVE-2004-0975 VC-OPENSSL-20040930-CVE-2004-0975 | The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution. | Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. |
VCID-rbtq-713d-aaap Aliases: CVE-2006-4343 VC-OPENSSL-20060928-CVE-2006-4343 | A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-sff8-8d57-aaac Aliases: CVE-2003-0543 VC-OPENSSL-20030930-CVE-2003-0543 | An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. |
VCID-vkat-mpxv-aaad Aliases: CVE-2006-4339 VC-OPENSSL-20060905-CVE-2006-4339 | Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. | Affected by 4 other vulnerabilities. Affected by 60 other vulnerabilities. |
VCID-w4ca-z9kb-aaae Aliases: CVE-2003-0078 VC-OPENSSL-20030219-CVE-2003-0078 | ssl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | Affected by 11 other vulnerabilities. Affected by 14 other vulnerabilities. |
VCID-ye43-arpb-aaab Aliases: CVE-2005-2969 VC-OPENSSL-20051011-CVE-2005-2969 | A deprecated option, SSL_OP_MSIE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. | Affected by 5 other vulnerabilities. Affected by 61 other vulnerabilities. |
VCID-zufg-a7kh-aaak Aliases: CVE-2003-0544 VC-OPENSSL-20030930-CVE-2003-0544 | Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-01-03T20:01:48.779321+00:00 | OpenSSL Importer | Affected by | VCID-rbtq-713d-aaap | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.595381+00:00 | OpenSSL Importer | Affected by | VCID-3j45-cwzm-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.410742+00:00 | OpenSSL Importer | Affected by | VCID-jpd6-6mb9-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.122092+00:00 | OpenSSL Importer | Affected by | VCID-vkat-mpxv-aaad | https://www.openssl.org/news/secadv/20060905.txt | 34.0.0rc1 |
2024-01-03T20:01:47.948837+00:00 | OpenSSL Importer | Affected by | VCID-ye43-arpb-aaab | https://www.openssl.org/news/secadv/20051011.txt | 34.0.0rc1 |
2024-01-03T20:01:47.796389+00:00 | OpenSSL Importer | Affected by | VCID-p6x2-eazm-aaae | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:47.679249+00:00 | OpenSSL Importer | Affected by | VCID-cs8h-mu82-aaaj | https://www.openssl.org/news/secadv/20030317.txt | 34.0.0rc1 |
2024-01-03T20:01:47.448882+00:00 | OpenSSL Importer | Affected by | VCID-zufg-a7kh-aaak | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
2024-01-03T20:01:47.327483+00:00 | OpenSSL Importer | Affected by | VCID-sff8-8d57-aaac | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
2024-01-03T20:01:47.241078+00:00 | OpenSSL Importer | Affected by | VCID-fq9y-x2ae-aaac | https://www.openssl.org/news/secadv/20030317.txt | 34.0.0rc1 |
2024-01-03T20:01:47.152270+00:00 | OpenSSL Importer | Affected by | VCID-dfg7-5zwk-aaan | https://www.openssl.org/news/secadv/20030319.txt | 34.0.0rc1 |
2024-01-03T20:01:47.089323+00:00 | OpenSSL Importer | Affected by | VCID-w4ca-z9kb-aaae | https://www.openssl.org/news/secadv/20030219.txt | 34.0.0rc1 |
2024-01-03T20:01:46.945287+00:00 | OpenSSL Importer | Affected by | VCID-42ew-ga1t-aaaq | https://www.openssl.org/news/secadv/20020730.txt | 34.0.0rc1 |
2024-01-03T20:01:46.900524+00:00 | OpenSSL Importer | Affected by | VCID-kpn3-up1t-aaar | https://www.openssl.org/news/secadv/20020730.txt | 34.0.0rc1 |