Vulnerabilities (CVE)

Vendor filter

Openssl Subscribe

Filter

32 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-0705 5 Google, Openssl, Oracle and 2 more 5 Mysql, Android, Openssl and 2 more 2019-02-20 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other...
CVE-2003-0131 1 Openssl 1 Openssl 2018-10-19 7.5
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using...
CVE-2006-2940 1 Openssl 1 Openssl 2018-10-18 7.8
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates...
CVE-2006-2937 1 Openssl 1 Openssl 2018-10-18 7.8
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
CVE-2006-3738 1 Openssl 1 Openssl 2018-10-17 10.0
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVE-2007-4995 1 Openssl 1 Openssl 2018-10-15 9.3
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-3864 1 Openssl 1 Openssl 2018-10-10 7.6
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that...
CVE-2016-2109 2 Openssl, Redhat 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Server Aus and 5 more 2018-07-19 7.8
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
CVE-2016-2182 3 Hp, Openssl, Oracle 6 Linux, Icewall Sso, Openssl and 3 more 2018-07-14 7.5
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have...
CVE-2016-6309 1 Openssl 1 Openssl 2018-07-12 10.0
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
CVE-2016-2177 3 Hp, Openssl, Oracle 6 Linux, Icewall Sso, Openssl and 3 more 2018-07-12 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by...
CVE-2003-0545 1 Openssl 1 Openssl 2018-05-03 10.0
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2016-6304 3 Openssl, Novell, Nodejs 3 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl 2018-04-20 7.8
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
CVE-2016-6303 2 Openssl, Nodejs 2 Node.js, Openssl 2018-04-20 7.5
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-2842 1 Openssl 1 Openssl 2018-01-05 10.0
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or...
CVE-2016-2108 3 Google, Openssl, Redhat 9 Openssl, Enterprise Linux Desktop, Enterprise Linux Server Aus and 6 more 2018-01-05 10.0
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the...
CVE-2016-0799 2 Openssl, Pulsesecure 3 Client, Steel Belted Radius, Openssl 2018-01-05 10.0
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have...
CVE-2014-8176 1 Openssl 1 Openssl 2018-01-05 7.5
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished...
CVE-2012-2131 1 Openssl 1 Openssl 2018-01-05 7.5
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER...
CVE-2012-2110 2 Openssl, Redhat 2 Openssl, Openssl 2018-01-05 7.5
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause...