openssl

280 tracked vulnerabilities.

CVE-2015-4000 LOW
OpenSSL 1.0.1-1.0.1l - Man-in-the-Middle Cipher Downgrade via DHE_EXPORT
May 21, 2015
CVSS 3.7
EPSS 0.94
CVE-2015-1787
OpenSSL 1.0.2 - Denial of Service via Zero-Length ClientKeyExchange Message
Mar 19, 2015
EPSS 0.27
CVE-2015-0293
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - DoS via SSLv2 CLIENT-MASTER-KEY
Mar 19, 2015
EPSS 0.06
CVE-2015-0292
OpenSSL < 0.9.8za, 1.0.0 < 1.0.0m, 1.0.1 < 1.0.1h - Memory Corruption via Base64 Decoding
Mar 19, 2015
EPSS 0.07
CVE-2015-0291
OpenSSL 1.0.2 - Denial of Service via Invalid signature_algorithms Extension
Mar 19, 2015
EPSS 0.28
CVE-2015-0290
OpenSSL 1.0.2 - Denial of Service via Multi-Block SSL3 Write
Mar 19, 2015
EPSS 0.30
CVE-2015-0289
OpenSSL < 0.9.8ze, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - Denial of Service via PKCS#7 ContentInfo Handling
Mar 19, 2015
EPSS 0.06
CVE-2015-0288
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - Denial of Service via Invalid Certificate Key
Mar 19, 2015
EPSS 0.04
CVE-2015-0287
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - Denial of Service via ASN1 Structure Reuse
Mar 19, 2015
EPSS 0.05
CVE-2015-0286
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - Denial of Service via ASN1_TYPE_cmp Boolean Comparison
Mar 19, 2015
EPSS 0.21
CVE-2015-0285
OpenSSL 1.0.2 - Remote Brute-Force Attack via Unseeded PRNG in SSL Handshake
Mar 19, 2015
EPSS 0.09
CVE-2015-0209
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - Use-After-Free in EC Private Key Import
Mar 19, 2015
EPSS 0.02
CVE-2015-0208
OpenSSL 1.0.2 - Denial of Service via RSA PSS Parameter Handling
Mar 19, 2015
EPSS 0.28
CVE-2015-0207
OpenSSL 1.0.2 - Denial of Service via DTLS State Isolation Failure
Mar 19, 2015
EPSS 0.30
CVE-2015-0206
OpenSSL 1.0.0-1.0.0o and 1.0.1-1.0.1j - Denial of Service via Duplicate DTLS Records
Jan 09, 2015
EPSS 0.31
CVE-2015-0205
OpenSSL 1.0.0-1.0.0o and 1.0.1-1.0.1j - Unauthenticated Access via Missing CertificateVerify in DH Authentication
Jan 09, 2015
EPSS 0.12
CVE-2015-0204
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - RSA-to-EXPORT_RSA Downgrade Attack via Weak Ephemeral RSA Key
Jan 09, 2015
EPSS 0.92
CVE-2014-8176
OpenSSL < 0.9.8za, 1.0.0 < 1.0.0m, 1.0.1 < 1.0.1h - Denial of Service via DTLS ChangeCipherSpec Handling
Jun 12, 2015
EPSS 0.22
CVE-2014-8275
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Certificate Blacklist Bypass via Unsigned Certificate Data
Jan 09, 2015
EPSS 0.09
CVE-2014-3572
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Loss of Forward Secrecy via ECDHE-to-ECDH Downgrade
Jan 09, 2015
EPSS 0.09
CVE-2014-3571
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Denial of Service via DTLS Handshake Header Processing
Jan 09, 2015
EPSS 0.32
CVE-2014-3570
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - Cryptographic Protection Bypass via BN_sqr BIGNUM Calculation
Jan 09, 2015
EPSS 0.07
CVE-2014-3569
OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j - Denial of Service via SSLv3 Handshake to no-ssl3 Application
Dec 24, 2014
EPSS 0.08
CVE-2014-3568
OpenSSL < 0.9.8zc, 1.0.0 < 1.0.0o, 1.0.1 < 1.0.1j - SSL 3.0 Handshake Access Bypass
Oct 19, 2014
EPSS 0.05
CVE-2014-3567
OpenSSL < 0.9.8zb - Denial of Service via Session Ticket Integrity Check Failure
Oct 19, 2014
EPSS 0.24