Filtered by vendor Openssl
Subscriptions
Filtered by product Openssl
Subscriptions
Total
267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2182 | 4 Hp, Openssl, Oracle and 1 more | 8 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 5 more | 2025-04-12 | N/A |
| The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2014-0221 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 13 Fedora, Mariadb, Openssl and 10 more | 2025-04-12 | N/A |
| The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. | ||||
| CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 23 Fedora, Filezilla Server, Mariadb and 20 more | 2025-04-12 | 7.4 High |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | ||||
| CVE-2014-5139 | 1 Openssl | 1 Openssl | 2025-04-12 | N/A |
| The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. | ||||
| CVE-2015-0204 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-12 | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. | ||||
| CVE-2015-0209 | 2 Openssl, Redhat | 5 Openssl, Enterprise Linux, Jboss Core Services and 2 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. | ||||
| CVE-2015-0286 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more | 2025-04-12 | N/A |
| The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. | ||||
| CVE-2015-0289 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Storage | 2025-04-12 | N/A |
| The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. | ||||
| CVE-2015-0292 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Storage | 2025-04-12 | N/A |
| Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. | ||||
| CVE-2014-0195 | 5 Fedoraproject, Mariadb, Openssl and 2 more | 7 Fedora, Mariadb, Openssl and 4 more | 2025-04-12 | N/A |
| The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | ||||
| CVE-2015-0290 | 1 Openssl | 1 Openssl | 2025-04-12 | N/A |
| The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. | ||||
| CVE-2015-0293 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 5 more | 2025-04-12 | N/A |
| The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | ||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | ||||
| CVE-2015-4000 | 13 Apple, Canonical, Debian and 10 more | 31 Iphone Os, Mac Os X, Safari and 28 more | 2025-04-12 | N/A |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | ||||
| CVE-2016-0800 | 3 Openssl, Pulsesecure, Redhat | 11 Openssl, Client, Steel Belted Radius and 8 more | 2025-04-12 | N/A |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | ||||
| CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 14 Content Security Management Appliance, Node.js, Openssl and 11 more | 2025-04-12 | 7.5 High |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
| CVE-2011-4109 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. | ||||
| CVE-2012-2131 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. | ||||
| CVE-2013-6449 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-11 | N/A |
| The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. | ||||
| CVE-2013-4353 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Rhev Manager | 2025-04-11 | N/A |
| The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. | ||||