CVE Daily
← All tags

Tag: TLS

All CVEs associated with "TLS". Page 13/13 • 1449 CVEs.

Subscribe CVEs: RSS for “TLS”  ·  RSS (High+Critical only)

About “TLS”

A curated feed of “TLS”-related CVEs appears below. We currently track 1449 CVEs for this tag (all time). In the last 365 days, 338 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-295 - Improper Certificate Validation, CWE-400 - Uncontrolled Resource Consumption, CWE-20 - Improper Input Validation.

In our taxonomy this topic maps to a MODERATE impact class. Crypto or TLS libraries have ecosystem wide impact. Upgrade, restart dependents, disable legacy protocols, and consider key rotation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2005-08-24
Medium

CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and cause…

CVSS: 5.0 CWE: N/A View on NVD
2005-06-30
Medium

CVE-2005-2069

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to…

CVSS: 5.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2005-01-10
Critical

CVE-2004-1099

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properl…

CVSS: 10.0 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-2393

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/T…

CVSS: 7.5 CWE: N/A View on NVD
2004-11-23
High

CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote at…

CVSS: 5.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
2003-03-24
High

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses…

CVSS: 7.5 CWE: N/A View on NVD
2002-12-31
Medium

CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer cert…

CVSS: 5.0 CWE: N/A View on NVD