openssl

298 tracked vulnerabilities.

CVE-2019-1552 LOW
OpenSSL 1.0.2-1.0.2s - Improper Certificate Validation via OPENSSLDIR Configuration
Jul 30, 2019
CVSS 3.3
EPSS 0.01
CVE-2019-1543 HIGH
OpenSSL 1.1.0-1.1.0j - Nonce Reuse in ChaCha20-Poly1305
Mar 06, 2019
CVSS 7.4
EPSS 0.06
CVE-2019-1559 MEDIUM
OpenSSL 1.0.2-1.0.2q - Padding Oracle via SSL_shutdown Double Call
Feb 27, 2019
CVSS 5.9
EPSS 0.17
CVE-2018-5407 MEDIUM
Ubuntu Linux - Exposure of Sensitive Information via SMT Port Contention Timing Attack
Nov 15, 2018
CVSS 4.7
EPSS 0.03
CVE-2018-0734 MEDIUM
OpenSSL 1.0.2-1.0.2p 1.1.0-1.1.0i 1.1.1 - Timing Side Channel Attack via DSA Signature Algorithm
Oct 30, 2018
CVSS 5.9
EPSS 0.12
CVE-2018-0735 MEDIUM
OpenSSL 1.1.0-1.1.0i and 1.1.1 - Timing Side Channel Attack in ECDSA Signature Algorithm
Oct 29, 2018
CVSS 5.9
EPSS 0.05
CVE-2018-0732 HIGH
OpenSSL 1.0.2-1.0.2o and 1.1.0-1.1.0h - Denial of Service via Large DH Prime in TLS Handshake
Jun 12, 2018
CVSS 7.5
EPSS 0.49
CVE-2018-0737 MEDIUM
OpenSSL 1.0.2b-1.0.2o and 1.1.0-1.1.0h - Private Key Recovery via Cache Timing Side Channel
Apr 16, 2018
CVSS 5.9
EPSS 0.12
CVE-2018-0739 MEDIUM
OpenSSL 1.0.2b-1.0.2n - Denial of Service via ASN.1 Recursive Type Parsing
Mar 27, 2018
CVSS 6.5
EPSS 0.19
CVE-2018-0733 MEDIUM
OpenSSL 1.1.0-1.1.0g - Authentication Bypass via PA-RISC CRYPTO_memcmp Bit Comparison
Mar 27, 2018
CVSS 5.9
EPSS 0.09
CVE-2017-3738 MEDIUM
AVX2 Montgomery multiplication - Buffer Overflow
Dec 07, 2017
CVSS 5.9
EPSS 0.13
CVE-2017-3737 MEDIUM
OpenSSL 1.0.2b-1.0.2m - Unencrypted Data Exposure via SSL_read/SSL_write After Fatal Error
Dec 07, 2017
CVSS 5.9
EPSS 0.79
CVE-2017-3736 MEDIUM
OpenSSL <1.0.2m, 1.1.0<1.1.0g - Memory Corruption
Nov 02, 2017
CVSS 6.5
EPSS 0.10
CVE-2017-3735 MEDIUM
OpenSSL <1.0.2m, 1.1.0g - Info Disclosure
Aug 28, 2017
CVSS 5.3
EPSS 0.18
CVE-2017-3733 HIGH
OpenSSL 1.1.0-1.1.0d - Denial of Service via Encrypt-Then-Mac Renegotiation
May 04, 2017
CVSS 7.5
EPSS 0.13
CVE-2017-3732 MEDIUM
OpenSSL <1.0.2k, 1.1.0<1.1.0d - Memory Corruption
May 04, 2017
CVSS 5.9
EPSS 0.16
CVE-2017-3731 HIGH
OpenSSL <1.1.0/1.0.2 - Use After Free
May 04, 2017
CVSS 7.5
EPSS 0.58
CVE-2017-3730 HIGH
OpenSSL 1.1.0 - Denial of Service via NULL Pointer Dereference in DHE/ECDHE Key Exchange
May 04, 2017
CVSS 7.5
EPSS 0.55
CVE-2016-7056 MEDIUM
OpenSSL < 1.0.1u - Timing Attack ECDSA P-256 Private Key Recovery
Sep 10, 2018
CVSS 5.5
EPSS 0.01
CVE-2016-8610 HIGH
OpenSSL 0.9.8 1.0.1 1.0.2-1.0.2h 1.1.0 - Denial of Service via ALERT Packet Processing
Nov 13, 2017
CVSS 7.5
EPSS 0.40
CVE-2016-7055 MEDIUM
OpenSSL 1.0.2-1.1.0c - Carry Propagating Bug in Montgomery Multiplication
May 04, 2017
CVSS 5.9
EPSS 0.14
CVE-2016-7054 HIGH
OpenSSL 1.1.0-1.1.0b - Denial of Service via CHACHA20-POLY1305 Cipher Payload Corruption
May 04, 2017
CVSS 7.5
EPSS 0.32
CVE-2016-7053 HIGH
OpenSSL 1.1.0-1.1.0b - NULL Pointer Dereference in ASN.1 CHOICE Type Handling
May 04, 2017
CVSS 7.5
EPSS 0.22
CVE-2016-7052 HIGH
Novell Suse Linux Enterprise Module F... - NULL Pointer Dereference
Sep 26, 2016
CVSS 7.5
EPSS 0.30
CVE-2016-6309 CRITICAL
OpenSSL 1.1.0a - Use-After-Free in statem/statem.c
Sep 26, 2016
CVSS 9.8
EPSS 0.70