openssl

298 tracked vulnerabilities.

CVE-2022-3358 HIGH
OpenSSL 3.0.0-3.0.5 - NULL Pointer Dereference via Legacy Custom Cipher Handling
Oct 11, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-2097 MEDIUM
OpenSSL 1.1.1-1.1.1p and 3.0.0-3.0.4 - Data Exposure via AES OCB Mode on 32-bit x86 Platforms
Jul 05, 2022
CVSS 5.3
EPSS 0.04
CVE-2022-2274 CRITICAL
OpenSSL 3.0.4 - Remote Code Execution via RSA AVX512IFMA Memory Corruption
Jul 01, 2022
CVSS 9.8
EPSS 0.45
CVE-2022-2068 HIGH
OpenSSL 1.0.2-1.0.2ze, 1.1.1-1.1.1o, 3.0.0-3.0.3 - OS Command Injection via c_rehash Script
Jun 21, 2022
CVSS 7.3
EPSS 0.96
CVE-2022-1473 HIGH
OpenSSL 3.0.0-3.0.2 - Denial of Service via OPENSSL_LH_flush Memory Leak
May 03, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-1434 MEDIUM
OpenSSL 3.0.0-3.0.2 - Predictable MAC Key in RC4-MD5 Ciphersuite
May 03, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-1343 MEDIUM
OpenSSL 3.0.0-3.0.2 - Improper Certificate Validation in OCSP_basic_verify
May 03, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-1292 HIGH
Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection
May 03, 2022
CVSS 7.3
EPSS 0.83
CVE-2022-0778 HIGH
OpenSSL 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1 - Denial of Service via BN_mod_sqrt Infinite Loop
Mar 15, 2022
CVSS 7.5
EPSS 0.71
CVE-2021-4160 MEDIUM
OpenSSL 1.0.2-1.0.2zb, 1.1.1-1.1.1l, 3.0.0 - Carry Propagation Bug in MIPS32/MIPS64 Squaring Procedure
Jan 28, 2022
CVSS 5.9
EPSS 0.04
CVE-2021-4044 HIGH
OpenSSL 3.0.0 - Infinite Loop via Certificate Verification Error Handling
Dec 14, 2021
CVSS 7.5
EPSS 0.50
CVE-2021-3712 HIGH
OpenSSL 1.0.2-1.0.2y 1.1.1-1.1.1k - Out-of-bounds Read in ASN.1 String Processing
Aug 24, 2021
CVSS 7.4
EPSS 0.50
CVE-2021-3711 CRITICAL
OpenSSL 1.1.1-1.1.1k - Buffer Overflow in SM2 Decryption
Aug 24, 2021
CVSS 9.8
EPSS 0.88
CVE-2021-3450 HIGH
OpenSSL 1.1.1h-1.1.1j - Certificate Chain Validation Bypass via X509_V_FLAG_X509_STRICT
Mar 25, 2021
CVSS 7.4
EPSS 0.18
CVE-2021-3449 MEDIUM
Openssl < 1.1.1k - NULL Pointer Dereference
Mar 25, 2021
CVSS 5.9
EPSS 0.63
CVE-2021-23841 MEDIUM
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Denial of Service via X509_issuer_and_serial_hash NULL Pointer Dereference
Feb 16, 2021
CVSS 5.9
EPSS 0.07
CVE-2021-23840 HIGH
OpenSSL 1.0.2-1.0.2x and 1.1.1-1.1.1i - Integer Overflow in EVP_CipherUpdate
Feb 16, 2021
CVSS 7.5
EPSS 0.51
CVE-2021-23839 LOW
OpenSSL 1.0.2s-1.0.2x - Version Rollback Attack via RSA Padding Check Inversion
Feb 16, 2021
CVSS 3.7
EPSS 0.03
CVE-2020-1971 MEDIUM
OpenSSL 1.0.2-1.0.2w and 1.1.1-1.1.1h - Denial of Service via EDIPARTYNAME NULL Pointer Dereference
Dec 08, 2020
CVSS 5.9
EPSS 0.07
CVE-2020-1968 LOW
OpenSSL 1.0.2-1.0.2v - Pre-Master Secret Disclosure via Raccoon Attack
Sep 09, 2020
CVSS 3.7
EPSS 0.05
CVE-2020-1967 HIGH
OpenSSL 1.1.1d-1.1.1f - Denial of Service via Invalid Signature Algorithm in TLS 1.3 Handshake
Apr 21, 2020
CVSS 7.5
EPSS 0.53
CVE-2019-1551 MEDIUM
x64_64 Montgomery squaring procedure - Buffer Overflow
Dec 06, 2019
CVSS 5.3
EPSS 0.14
CVE-2019-1563 LOW
OpenSSL 1.0.2-1.0.2s - Bleichenbacher Padding Oracle Attack via CMS/PKCS7 Decryption
Sep 10, 2019
CVSS 3.7
EPSS 0.04
CVE-2019-1549 MEDIUM
OpenSSL 1.1.1-1.1.1c - Use of Insufficiently Random Values
Sep 10, 2019
CVSS 5.3
EPSS 0.06
CVE-2019-1547 MEDIUM
OpenSSL 1.0.2-1.0.2s - Side Channel Attack via EC Group Explicit Parameters
Sep 10, 2019
CVSS 4.7
EPSS 0.01