VYPR

Vendor CVEs

OpenSSL Project

All CVEs

379 total · sorted by risk
  • CVE-2006-2940Sep 28, 2006
    risk 0.00cvss epss 0.05

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to…

  • CVE-2006-5052Sep 27, 2006
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

  • CVE-2006-4339Sep 5, 2006
    risk 0.00cvss epss 0.05

    OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from…

  • CVE-2006-0883Mar 7, 2006
    risk 0.00cvss epss 0.02

    OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH…

  • CVE-2005-1730Dec 31, 2005
    risk 0.00cvss epss 0.05

    Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap…

  • CVE-2005-2969Oct 18, 2005
    risk 0.00cvss epss 0.05

    The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a…

  • CVE-2005-2797Sep 6, 2005
    risk 0.00cvss epss 0.02

    OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

  • CVE-2005-2666Aug 23, 2005
    risk 0.00cvss epss 0.01

    SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets…

  • CVE-2005-1797May 26, 2005
    risk 0.00cvss epss 0.01

    The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

  • CVE-2004-0975Feb 9, 2005
    risk 0.00cvss epss 0.00

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-2069Dec 31, 2004
    risk 0.00cvss epss 0.03

    sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows…

  • CVE-2004-0175Aug 18, 2004
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

  • CVE-2003-1562Dec 31, 2003
    risk 0.00cvss epss 0.06

    sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to…

  • CVE-2003-0851Dec 1, 2003
    risk 0.00cvss epss 0.05

    OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

  • CVE-2003-0544Nov 17, 2003
    risk 0.00cvss epss 0.06

    OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

  • CVE-2002-1568Nov 17, 2003
    risk 0.00cvss epss 0.03

    OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2…

  • CVE-2003-0787Nov 17, 2003
    risk 0.00cvss epss 0.02

    The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

  • CVE-2003-0786Nov 17, 2003
    risk 0.00cvss epss 0.03

    The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

  • CVE-2003-0693Sep 22, 2003
    risk 0.00cvss epss 0.10

    A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

  • CVE-2003-0386Jul 2, 2003
    risk 0.00cvss epss 0.06

    OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the…

  • CVE-2002-0640Jul 3, 2002
    risk 0.00cvss epss 0.27

    Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication…

  • CVE-2001-0872Dec 21, 2001
    risk 0.00cvss epss 0.01

    OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

  • CVE-2001-0816Dec 6, 2001
    risk 0.00cvss epss 0.02

    OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

  • CVE-2001-1380Oct 18, 2001
    risk 0.00cvss epss 0.03

    OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

  • CVE-2001-1141Jul 10, 2001
    risk 0.00cvss epss 0.05

    The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

  • CVE-2001-0361Jun 27, 2001
    risk 0.00cvss epss 0.03

    Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

  • CVE-2001-1459Jun 19, 2001
    risk 0.00cvss epss 0.02

    OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

  • CVE-2000-0535Jun 12, 2000
    risk 0.00cvss epss 0.01

    OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

  • CVE-1999-0428Mar 22, 1999
    risk 0.00cvss epss 0.03

    OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Page 8 of 8