Vulnerabilities (CVE)

Vendor filter

Openssl Subscribe

Filter

204 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-0734 6 Netapp, Openssl, Canonical and 3 more 19 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 16 more 2019-06-11 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL...
CVE-2019-1543 1 Openssl 1 Openssl 2019-06-03 5.8
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with...
CVE-2018-0732 3 Openssl, Canonical, Debian 3 Openssl, Ubuntu Linux, Debian Linux 2019-05-30 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...
CVE-2011-1473 1 Openssl 1 Openssl 2019-05-27 5.0
** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU...
CVE-2019-1559 7 Openssl, Canonical, Debian and 4 more 18 Openssl, Ubuntu Linux, Debian Linux and 15 more 2019-05-22 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with...
CVE-2016-2183 5 Python, Openssl, Cisco and 2 more 8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more 2019-05-20 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...
CVE-2017-3730 2 Openssl, Oracle 7 Openssl, Agile Engineering Data Management, Communications Application Session Controller and 4 more 2019-04-25 5.0
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a...
CVE-2018-0739 3 Openssl, Canonical, Debian 3 Openssl, Ubuntu Linux, Debian Linux 2019-04-23 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures...
CVE-2018-0733 1 Openssl 1 Openssl 2019-04-23 4.3
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount...
CVE-2017-3738 2 Openssl, Debian 2 Openssl, Debian Linux 2019-04-23 4.3
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very...
CVE-2017-3736 1 Openssl 1 Openssl 2019-04-23 4.0
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
CVE-2017-3735 2 Openssl, Debian 2 Openssl, Debian Linux 2019-04-23 5.0
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions...
CVE-2017-3733 2 Hp, Openssl 2 Openssl, Operations Agent 2019-04-23 5.0
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and...
CVE-2017-3732 1 Openssl 1 Openssl 2019-04-23 4.3
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect...
CVE-2017-3731 1 Openssl 1 Openssl 2019-04-23 5.0
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash...
CVE-2014-3470 3 Openssl, Fedoraproject, Redhat 4 Storage, Enterprise Linux, Fedora and 1 more 2019-04-22 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer...
CVE-2014-0195 3 Openssl, Fedoraproject, Redhat 4 Storage, Enterprise Linux, Fedora and 1 more 2019-04-22 6.8
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute...
CVE-2014-0221 3 Openssl, Fedoraproject, Redhat 4 Storage, Enterprise Linux, Fedora and 1 more 2019-04-22 4.3
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid...
CVE-2016-2105 8 Openssl, Apple, Oracle and 5 more 16 Leap, Openssl, Enterprise Linux Desktop and 13 more 2019-02-21 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-0705 5 Google, Openssl, Oracle and 2 more 5 Mysql, Android, Openssl and 2 more 2019-02-20 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other...