Product:

Openssl

(Openssl)
Repositories https://github.com/openssl/openssl
• git://git.openssl.org/openssl.git
#Vulnerabilities 225
Date Id Summary Products Score Patch Annotated
2018-09-10 CVE-2016-7056 A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. Ubuntu_linux, Debian_linux, Openssl, Enterprise_linux 5.5
2008-07-10 CVE-2008-1678 CVE-2008-1678 httpd: mod_ssl per-connection memory leak for connections with zlib compression Openssl N/A
2009-05-19 CVE-2009-1379 CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS) Openssl N/A
2009-06-04 CVE-2009-1386 CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request Ubuntu_linux, Openssl, Openssl N/A
2014-10-15 CVE-2014-3566 A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary 3.4
2010-11-17 CVE-2010-3864 CVE-2010-3864 OpenSSL TLS extension parsing race condition Openssl N/A
2009-11-09 CVE-2009-3555 CVE-2009-3555 TLS: MITM attacks via session renegotiation Http_server, Ubuntu_linux, Debian_linux, Nginx, Fedora, Gnutls, Nss, Openssl N/A
2010-12-06 CVE-2010-4252 CVE-2010-4252 openssl: session key retrieval flaw in J-PAKE implementation Openssl N/A
2015-06-12 CVE-2015-1789 An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. Openssl, Sparc\-Opl_service_processor 7.5
2015-06-12 CVE-2015-1792 A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. Openssl N/A