Shodan
Vulnerabilities
Vulnerable Software
Openssl:  >> Openssl  Security Vulnerabilities
CVE-2003-0078
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
CVSS Score
5.0
EPSS Score
0.131
Published
2003-03-03
CVE-2002-0655
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.009
Published
2002-08-12
CVE-2002-0656
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
CVSS Score
7.5
EPSS Score
0.878
Published
2002-08-12
CVE-2002-0657
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
CVSS Score
7.5
EPSS Score
0.037
Published
2002-08-12
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVSS Score
5.0
EPSS Score
0.079
Published
2002-08-12
CVE-2001-1141
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
CVSS Score
5.0
EPSS Score
0.014
Published
2001-07-10
CVE-2000-0535
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-06-12
CVE-1999-0428
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
CVSS Score
7.5
EPSS Score
0.003
Published
1999-03-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved