National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:openssl:openssl:1.0.0e
There are 64 matching records.
Displaying matches 61 through 64.
Vuln ID Summary CVSS Severity
CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Published: January 05, 2012; 08:55:01 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

Published: January 05, 2012; 08:55:00 PM -05:00
V2: 4.3 MEDIUM
CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Published: January 05, 2012; 08:55:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Published: January 05, 2012; 08:55:00 PM -05:00
V2: 4.3 MEDIUM