openssl

280 tracked vulnerabilities.

CVE-2023-0215 HIGH
OpenSSL 1.0.2-1.0.2zg - Use-After-Free in BIO_new_NDEF
Feb 08, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-4203 MEDIUM
OpenSSL 3.0.0-3.0.7 - Out-of-bounds Read in X.509 Name Constraint Checking
Feb 24, 2023
CVSS 4.9
EPSS 0.00
CVE-2022-4450 HIGH
OpenSSL 1.1.1-1.1.1s - Double Free in PEM_read_bio_ex
Feb 08, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-4304 MEDIUM
OpenSSL - Timing Side-Channel Attack in RSA Decryption
Feb 08, 2023
CVSS 5.9
EPSS 0.00
CVE-2022-3996 HIGH
OpenSSL 3.0.0-3.0.6 - Denial of Service via Malformed X.509 Policy Constraint
Dec 13, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-3786 HIGH
OpenSSL 3.0.0-3.0.7 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.27
CVE-2022-3602 HIGH
OpenSSL 3.0.0-3.0.6 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Nov 01, 2022
CVSS 7.5
EPSS 0.84
CVE-2022-3358 HIGH
OpenSSL 3.0.0-3.0.5 - NULL Pointer Dereference via Legacy Custom Cipher Handling
Oct 11, 2022
CVSS 7.5
EPSS 0.19
CVE-2022-2097 MEDIUM
OpenSSL 1.1.1-1.1.1p and 3.0.0-3.0.4 - Data Exposure via AES OCB Mode on 32-bit x86 Platforms
Jul 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2274 CRITICAL
OpenSSL 3.0.4 - Remote Code Execution via RSA AVX512IFMA Memory Corruption
Jul 01, 2022
CVSS 9.8
EPSS 0.40
CVE-2022-2068 HIGH
OpenSSL 1.0.2-1.0.2ze, 1.1.1-1.1.1o, 3.0.0-3.0.3 - OS Command Injection via c_rehash Script
Jun 21, 2022
CVSS 7.3
EPSS 0.20
CVE-2022-1473 HIGH
OpenSSL 3.0.0-3.0.2 - Denial of Service via OPENSSL_LH_flush Memory Leak
May 03, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-1434 MEDIUM
OpenSSL 3.0.0-3.0.2 - Predictable MAC Key in RC4-MD5 Ciphersuite
May 03, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-1343 MEDIUM
OpenSSL 3.0.0-3.0.2 - Improper Certificate Validation in OCSP_basic_verify
May 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-1292 HIGH
Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection
May 03, 2022
CVSS 7.3
EPSS 0.41
CVE-2022-0778 HIGH
OpenSSL 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1 - Denial of Service via BN_mod_sqrt Infinite Loop
Mar 15, 2022
CVSS 7.5
EPSS 0.07
CVE-2021-4160 MEDIUM
OpenSSL 1.0.2-1.0.2zb, 1.1.1-1.1.1l, 3.0.0 - Carry Propagation Bug in MIPS32/MIPS64 Squaring Procedure
Jan 28, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-4044 HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Dec 14, 2021
CVSS 7.5
EPSS 0.33
CVE-2021-3712 HIGH
OpenSSL 1.0.2-1.0.2y and 1.1.1-1.1.1k - Out-of-bounds Read in ASN.1 String Processing
Aug 24, 2021
CVSS 7.4
EPSS 0.00
CVE-2021-3711 CRITICAL
OpenSSL 1.1.1-1.1.1k - Buffer Overflow in SM2 Decryption
Aug 24, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-3450 HIGH
OpenSSL 1.1.1h-1.1.1j - Certificate Chain Validation Bypass via X509_V_FLAG_X509_STRICT
Mar 25, 2021
CVSS 7.4
EPSS 0.01
CVE-2021-3449 MEDIUM
OpenSSL < 1.1.1k - NULL Pointer Dereference
Mar 25, 2021
CVSS 5.9
EPSS 0.10
CVE-2021-23841 MEDIUM
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Denial of Service via X509_issuer_and_serial_hash NULL Pointer Dereference
Feb 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-23840 HIGH
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Feb 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23839 LOW
OpenSSL 1.0.2s-1.0.2x - Version Rollback Attack via RSA Padding Check Inversion
Feb 16, 2021
CVSS 3.7
EPSS 0.00