) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:openssl:openssl:0.9.8zg
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2011-4108 |
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Published: January 05, 2012; 8:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2011-1945 |
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. Published: May 31, 2011; 4:55:05 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
| CVE-2010-4252 |
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. Published: December 06, 2010; 4:05:49 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |