openssl

280 tracked vulnerabilities.

CVE-2012-2131
OpenSSL 0.9.8v - Buffer Overflow via Crafted DER Data
Apr 24, 2012
EPSS 0.08
CVE-2012-2110
OpenSSL < 0.9.8v, 1.0.0 < 1.0.0i, 1.0.1 < 1.0.1a - Buffer Overflow via Crafted DER Data
Apr 19, 2012
EPSS 0.09
CVE-2012-1165
OpenSSL < 0.9.8u and 1.x < 1.0.0h - Denial of Service via Crafted S/MIME Message
Mar 15, 2012
EPSS 0.03
CVE-2012-0884
OpenSSL <0.9.8u-1.0.0h - Info Disclosure
Mar 13, 2012
EPSS 0.03
CVE-2012-0050
OpenSSL 0.9.8s and 1.0.0f - Denial of Service via Out-of-Bounds Read in DTLS
Jan 19, 2012
EPSS 0.03
CVE-2012-0027
OpenSSL < 1.0.0f - Denial of Service via GOST Block Cipher Parameter Handling
Jan 06, 2012
EPSS 0.01
CVE-2011-5095
OpenSSL 0.9.8 - Shared Secret Key Exposure via Improper Public Parameter Validation
Jun 20, 2012
EPSS 0.00
CVE-2011-1473
OpenSSL < 0.9.8k and 0.9.8m-1.x - Denial of Service via Client-Initiated Renegotiation
Jun 16, 2012
EPSS 0.55
CVE-2011-4354
OpenSSL <0.9.8h - Memory Corruption
Jan 27, 2012
EPSS 0.00
CVE-2011-4619
OpenSSL < 0.9.8s and 1.x < 1.0.0f - Denial of Service via Server Gated Cryptography Handshake Restart
Jan 06, 2012
EPSS 0.03
CVE-2011-4577
OpenSSL < 0.9.8s and 1.x < 1.0.0f - Denial of Service via RFC 3779 Certificate Extension Handling
Jan 06, 2012
EPSS 0.03
CVE-2011-4576
OpenSSL < 0.9.8s and 1.x < 1.0.0f - Information Disclosure via SSL 3.0 Block Cipher Padding
Jan 06, 2012
EPSS 0.01
CVE-2011-4109
OpenSSL 0.9.8 - Double Free via Policy Check Failure
Jan 06, 2012
EPSS 0.03
CVE-2011-4108
OpenSSL <0.9.8s, 1.x <1.0.0f - Info Disclosure
Jan 06, 2012
EPSS 0.01
CVE-2011-3210
OpenSSL 0.9.8-0.9.8r and 1.0.x < 1.0.0e - Denial of Service via Out-of-Order TLS Handshake Messages
Sep 22, 2011
EPSS 0.06
CVE-2011-3207
OpenSSL 1.0.x - CRL Validation Bypass via Uninitialized Structure Members
Sep 22, 2011
EPSS 0.02
CVE-2011-1945
OpenSSL < 1.0.0d - ECDSA Private Key Exposure via Timing Attack
May 31, 2011
EPSS 0.05
CVE-2011-0014
OpenSSL 0.9.8h-0.9.8q and 1.0.0-1.0.0c - Denial of Service via Malformed ClientHello Handshake
Feb 19, 2011
EPSS 0.01
CVE-2010-5298
OpenSSL < 1.0.1g - Use-After-Free and Denial of Service via Multithreaded SSL Connection
Apr 14, 2014
EPSS 0.15
CVE-2010-4252
OpenSSL < 1.0.0c - Improper Authentication via J-PAKE Parameter Validation Bypass
Dec 06, 2010
EPSS 0.02
CVE-2010-4180
OpenSSL <0.9.8q, 1.0.x <1.0.0c - RCE
Dec 06, 2010
EPSS 0.04
CVE-2010-3864
OpenSSL 0.9.8f-0.9.8o, 1.0.0, 1.0.0a - Remote Code Execution via TLS Server Name Extension Race Condition
Nov 17, 2010
EPSS 0.05
CVE-2010-2939
OpenSSL <1.0.0a-0.9.7 - Use After Free
Aug 17, 2010
EPSS 0.10
CVE-2010-1633
OpenSSL 1.x - Information Disclosure via EVP_PKEY_verify_recover Failure
Jun 03, 2010
EPSS 0.01
CVE-2010-0742
OpenSSL <0.9.8o, 1.x <1.0.0a - Memory Corruption
Jun 03, 2010
EPSS 0.22
Products
openssl 267 OpenSSL 46 fips_object_module 1
Quick Filters
Critical CVEs With Exploits In CISA KEV