[Forgot Password]
Login  Register Subscribe

23631

 
 

126995

 
 

100182

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CVE-2015-0292
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v ...

CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVE-2014-8176
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a deni ...

CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

*CPE
cpe:/a:openssl:openssl:0.9.8z
OVAL    106
oval:org.secpod.oval:def:23957
oval:org.secpod.oval:def:1600028
oval:org.secpod.oval:def:108125
oval:org.secpod.oval:def:1600161
...

© 2013 SecPod Technologies