Vulnerabilities (CVE)

Vendor: Openssl

200 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-0160 1 Openssl 1 Openssl 2019-03-25 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a...
CVE-2009-3555 8 Mozilla, Openssl, Microsoft and 5 more 8 Openssl, Nss, Iis and 5 more 2019-03-25 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network...
CVE-2019-1559 4 Openssl, Canonical, Debian and 1 more 13 Openssl, Ubuntu Linux, Debian Linux and 10 more 2019-03-21 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with...
CVE-2019-1543 1 Openssl 1 Openssl 2019-03-15 5.8
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with...
CVE-2018-5407 6 Nodejs, Openssl, Canonical and 3 more 6 Node.js, Openssl, Ubuntu Linux and 3 more 2019-03-14 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2016-2105 8 Openssl, Apple, Oracle and 5 more 16 Leap, Openssl, Enterprise Linux Desktop and 13 more 2019-02-21 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-0705 5 Google, Openssl, Oracle and 2 more 5 Mysql, Android, Openssl and 2 more 2019-02-20 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other...
CVE-2018-0739 3 Openssl, Canonical, Debian 3 Openssl, Ubuntu Linux, Debian Linux 2019-02-19 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures...
CVE-2019-0190 3 Apache, Netapp, Openssl 3 Http Server, Santricity Cloud Connector, Openssl 2019-02-15 5.0
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP...
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-02-12 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2015-3194 4 Openssl, Oracle, Canonical and 1 more 4 Mysql, Openssl, Ubuntu Linux and 1 more 2019-02-07 5.0
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation...
CVE-2018-0734 4 Netapp, Openssl, Canonical and 1 more 8 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 5 more 2019-01-29 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL...
CVE-2018-0735 4 Netapp, Openssl, Canonical and 1 more 8 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 5 more 2019-01-29 4.3
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in...
CVE-2018-0732 3 Openssl, Canonical, Debian 3 Openssl, Ubuntu Linux, Debian Linux 2019-01-19 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...
CVE-2016-7056 4 Openssl, Canonical, Debian and 1 more 4 Openssl, Ubuntu Linux, Debian Linux and 1 more 2019-01-17 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2018-0737 2 Openssl, Canonical 2 Openssl, Ubuntu Linux 2019-01-16 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key....
CVE-2018-0733 1 Openssl 1 Openssl 2019-01-16 4.3
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount...
CVE-2017-3738 2 Openssl, Debian 2 Openssl, Debian Linux 2019-01-16 4.3
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very...
CVE-2017-3736 1 Openssl 1 Openssl 2019-01-16 4.0
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
CVE-2017-3735 2 Openssl, Debian 2 Openssl, Debian Linux 2019-01-16 5.0
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions...