Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-3245

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Mar, 2010 | 19:00
Updated At-07 Aug, 2024 | 06:22
Rejected At-
Credits

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Mar, 2010 | 19:00
Updated At:07 Aug, 2024 | 06:22
Rejected At:
▼CVE Numbering Authority (CNA)

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2010/0916
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/42724
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/39461
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
mailing-list
x_refsource_MLIST
http://support.apple.com/kb/HT4723
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
vendor-advisory
x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
vendor-advisory
x_refsource_SLACKWARE
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=bugtraq&m=127678688104458&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/38761
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/38562
vdb-entry
x_refsource_BID
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
mailing-list
x_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2010-0977.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/0839
vdb-entry
x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
vendor-advisory
x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2
vendor-advisory
x_refsource_HP
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
mailing-list
x_refsource_MLIST
http://www.ubuntu.com/usn/USN-1003-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/39932
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0933
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-0896.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=127128920008563&w=2
vendor-advisory
x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1216
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/42733
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/37291
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
vendor-advisory
x_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
x_refsource_CONFIRM
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2010/0916
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/42724
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/39461
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://support.apple.com/kb/HT4723
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=bugtraq&m=127678688104458&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/38761
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/38562
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0977.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2010/0839
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.ubuntu.com/usn/USN-1003-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/39932
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/0933
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://kb.bluecoat.com/index?page=content&id=SA50
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/1216
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/42733
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/37291
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
Resource:
x_refsource_CONFIRM
Hyperlink: http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2010/0916
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/42724
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/39461
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://support.apple.com/kb/HT4723
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=bugtraq&m=127678688104458&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/38761
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/38562
vdb-entry
x_refsource_BID
x_transferred
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
mailing-list
x_refsource_MLIST
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0977.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2010/0839
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://marc.info/?l=bugtraq&m=127128920008563&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.ubuntu.com/usn/USN-1003-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/39932
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/0933
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0896.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=127128920008563&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://kb.bluecoat.com/index?page=content&id=SA50
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/1216
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/42733
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/37291
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
x_refsource_CONFIRM
x_transferred
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0916
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/42724
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/39461
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://support.apple.com/kb/HT4723
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127678688104458&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/38761
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/38562
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0977.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0839
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1003-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/39932
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0933
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0896.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://kb.bluecoat.com/index?page=content&id=SA50
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1216
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/42733
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/37291
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Mar, 2010 | 19:30
Updated At:11 Apr, 2025 | 00:51

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
OpenSSL
openssl
>>openssl>>Versions up to 0.9.8l(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8a
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8b
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8c
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8d
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8e
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8f
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8g
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8h
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8i
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8j
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8k
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2010-03-25T00:00:00

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3245 This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0162.html This issue was fixed in openssl096b packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0173.html The Red Hat Security Response Team has rated this issue as having low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4, a future update may address this flaw.

References
HyperlinkSourceResource
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asccve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=127128920008563&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=127128920008563&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=127678688104458&w=2cve@mitre.org
N/A
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2cve@mitre.org
Patch
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2cve@mitre.org
Patch
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2cve@mitre.org
Patch
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.htmlcve@mitre.org
N/A
http://secunia.com/advisories/37291cve@mitre.org
N/A
http://secunia.com/advisories/38761cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/39461cve@mitre.org
N/A
http://secunia.com/advisories/39932cve@mitre.org
N/A
http://secunia.com/advisories/42724cve@mitre.org
N/A
http://secunia.com/advisories/42733cve@mitre.org
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049cve@mitre.org
N/A
http://support.apple.com/kb/HT4723cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0977.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/38562cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1003-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0839cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0916cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/0933cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/1216cve@mitre.org
N/A
https://kb.bluecoat.com/index?page=content&id=SA50cve@mitre.org
N/A
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlcve@mitre.org
N/A
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlcve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790cve@mitre.org
N/A
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=127128920008563&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=127128920008563&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=127678688104458&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2af854a3a-2127-422b-91ae-364da2661108
Patch
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2af854a3a-2127-422b-91ae-364da2661108
Patch
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2af854a3a-2127-422b-91ae-364da2661108
Patch
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37291af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/38761af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39461af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/39932af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42724af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42733af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4723af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0977.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/38562af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1003-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0839af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0916af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/0933af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1216af854a3a-2127-422b-91ae-364da2661108
N/A
https://kb.bluecoat.com/index?page=content&id=SA50af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127678688104458&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37291
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/38761
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39461
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/39932
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/42724
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/42733
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4723
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0977.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0896.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38562
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1003-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0839
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0916
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0933
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1216
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://kb.bluecoat.com/index?page=content&id=SA50
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127128920008563&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127678688104458&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37291
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/38761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39461
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/39932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42724
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42733
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4723
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0977.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0896.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/38562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1003-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0839
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0916
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/0933
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1216
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kb.bluecoat.com/index?page=content&id=SA50
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

381Records found
CVE-2022-2274
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-56.50% / 98.02%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 07:30
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RSA implementation bug in AVX512IFMA instructions

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Action-Not Available
Vendor-OpenSSLNetApp, Inc.
Product-opensslh500sh410s_firmwareh700s_firmwareh410c_firmwareh300s_firmwareh500s_firmwareh410sh410ch300sh700ssnapcenterOpenSSL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2006-3738
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-67.23% / 98.50%
||
7 Day CHG~0.00%
Published-28 Sep, 2006 | 18:00
Updated-07 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-6309
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-44.97% / 97.50%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-416
Use After Free
CVE-2016-2842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-77.28% / 98.93%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2108
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-65.50% / 98.43%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCOpenSSL
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationopensslandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0799
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-53.85% / 97.91%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

Action-Not Available
Vendor-n/aPulse SecureOpenSSL
Product-steel_belted_radiusopensslclientn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0705
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-38.43% / 97.14%
||
7 Day CHG-5.90%
Published-03 Mar, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Action-Not Available
Vendor-n/aGoogle LLCOpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-mysqlubuntu_linuxopenssldebian_linuxandroidn/a
CVE-2003-0545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-71.74% / 98.67%
||
7 Day CHG~0.00%
Published-01 Oct, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-415
Double Free
CVE-2022-2068
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-69.30% / 98.58%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:45
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The c_rehash script allows command injection

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Action-Not Available
Vendor-OpenSSLSiemens AGBroadcom Inc.NetApp, Inc.Debian GNU/LinuxFedora Project
Product-h410saff_8700_firmwarefas_8300_firmwaredebian_linuxh500s_firmwareaff_a400h610ssinec_insbootstrap_osh410c_firmwaresannavh410csantricity_smi-s_provideropensslh700sh500sfas_8700_firmwareaff_8700h610contap_select_deploy_administration_utilityh615c_firmwareaff_a400_firmwarehci_management_nodeaff_8300fas_a400h610c_firmwarehci_compute_nodeh700s_firmwaresmi-s_providerfedorasolidfirefas_8700h410s_firmwaresnapmanagerh615ch300s_firmwarefas_8300element_softwareh610s_firmwarefas_a400_firmwareaff_8300_firmwareh300sontap_antivirus_connectorOpenSSL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-1292
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-49.69% / 97.73%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 15:15
Updated-13 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The c_rehash script allows command injection

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Action-Not Available
Vendor-Oracle CorporationFedora ProjectDebian GNU/LinuxOpenSSLSiemens AGNetApp, Inc.
Product-clustered_data_ontapopensslsolidfire_\&_hci_management_nodemysql_workbenchenterprise_manager_ops_centera700s_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodeaff_500f_firmwarebrownfield_connectivity_gatewayh300e_firmwarefas_8300_firmwareaff_500ffedoraa250_firmwareh700eh500e_firmwarea250snapcenteraff_a400active_iq_unified_manageraff_8700fabric-attached_storage_a400_firmwaredebian_linuxh300ea700sfas_500f_firmwarefas_8700aff_8300h300s_firmwareaff_a400_firmwarefabric-attached_storage_a400oncommand_insightfas_8300fas_8700_firmwarefas_500fh410s_firmwaresnapmanagerh300sh700e_firmwareaff_8700_firmwareclustered_data_ontap_antivirus_connectorsantricity_smi-s_providerh700saff_8300_firmwareh500eh700s_firmwareoncommand_workflow_automationh410sh500s_firmwaresmi-s_providerh500smysql_serverOpenSSL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-0433
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-10.53% / 92.96%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5077
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.21% / 78.19%
||
7 Day CHG~0.00%
Published-07 Jan, 2009 | 17:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6305
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-33.47% / 96.78%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6302
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-14.26% / 94.13%
||
7 Day CHG~0.00%
Published-16 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Action-Not Available
Vendor-n/aOracle CorporationOpenSSL
Product-openssllinuxsolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1787
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-10.31% / 92.88%
||
7 Day CHG~0.00%
Published-19 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0293
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.48% / 91.40%
||
7 Day CHG~0.00%
Published-19 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3567
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-24.09% / 95.84%
||
7 Day CHG~0.00%
Published-19 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4353
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-36.88% / 97.02%
||
7 Day CHG~0.00%
Published-09 Jan, 2014 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3513
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-35.95% / 96.96%
||
7 Day CHG~0.00%
Published-19 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0740
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-17.44% / 94.81%
||
7 Day CHG~0.00%
Published-26 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3733
Matching Score-6
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-6
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-5.78% / 90.14%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Action-Not Available
Vendor-OpenSSLHP Inc.
Product-openssloperations_agentOpenSSL
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0647
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||HIGH
EPSS-72.63% / 98.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-replication_managernetworker_modulen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-13.35% / 93.91%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1395
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 78.13%
||
7 Day CHG-0.36%
Published-19 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv130w_wireless-n_multifunction_vpn_router_firmwarerv215w_wireless-n_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110w_wireless-n_vpn_firewall_firmwarerv130w_wireless-n_multifunction_vpn_routerrv110w_wireless-n_vpn_firewalln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1018
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-22.71% / 95.65%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

Action-Not Available
Vendor-logwatchn/a
Product-logwatchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23992
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-9.8||CRITICAL
EPSS-1.69% / 81.50%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 21:04
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-xcom_data_transportXCOM Data Transport for Windows, Linux, and UNIX
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-89.89% / 99.55%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-82.01% / 99.16%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24086
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-90.15% / 99.57%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-01||Apply updates per vendor instructions.
Adobe Commerce checkout improper input validation leads to remote code execution

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentocommerceMagento CommerceCommerce and Magento Open Source
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.71% / 88.96%
||
7 Day CHG~0.00%
Published-09 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.

Action-Not Available
Vendor-n/aHP Inc.
Product-data_protectorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1268
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-37.09% / 97.04%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-5185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.18% / 39.62%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.

Action-Not Available
Vendor-comodon/a
Product-comodo_internet_securityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-81.16% / 99.12%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0471
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.88% / 85.78%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.78% / 90.93%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-51.67% / 97.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0478
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.51% / 84.80%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 61.82%
||
7 Day CHG~0.00%
Published-03 Feb, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-smartyn/a
Product-smartyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24647
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.13%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:34
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 63.08%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 00:03
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-mojoliciousn/a
Product-mojoliciousn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.51% / 65.28%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 00:03
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-mojoliciousn/a
Product-mojoliciousn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24649
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.13%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 17:36
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (iMC)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24679
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.44%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:17
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service attack on Symphony Plus

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

Action-Not Available
Vendor-ABB
Product-symphony_\+_historiansymphony_\+_operationsABB Ability™ Symphony® Plus OperationsABB Ability™ Symphony® Plus Historian
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.90% / 82.48%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.03% / 90.36%
||
7 Day CHG~0.00%
Published-26 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-activematrix_service_performance_manageractivematrix_businessworks_service_engineactivematrix_service_gridactivematrix_service_busn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2550
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-81.41% / 99.13%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.41% / 60.33%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 17:48
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.35% / 56.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.

Action-Not Available
Vendor-winnyn/a
Product-winnyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.10% / 94.09%
||
7 Day CHG~0.00%
Published-10 Jun, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)
Product-psformx_active_x_controlwebscan_active_x_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1518
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-2.99% / 86.02%
||
7 Day CHG~0.00%
Published-02 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.

Action-Not Available
Vendor-gigabyten/a
Product-dldrv2_activex_controln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found