Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openssl
(Openssl)Repositories |
• https://github.com/openssl/openssl
• git://git.openssl.org/openssl.git |
#Vulnerabilities | 225 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-09-10 | CVE-2016-7056 | A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. | Ubuntu_linux, Debian_linux, Openssl, Enterprise_linux | 5.5 | ||
2008-07-10 | CVE-2008-1678 | CVE-2008-1678 httpd: mod_ssl per-connection memory leak for connections with zlib compression | Openssl | N/A | ||
2009-05-19 | CVE-2009-1379 | CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS) | Openssl | N/A | ||
2009-06-04 | CVE-2009-1386 | CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request | Ubuntu_linux, Openssl, Openssl | N/A | ||
2014-10-15 | CVE-2014-3566 | A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. | Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary | 3.4 | ||
2010-11-17 | CVE-2010-3864 | CVE-2010-3864 OpenSSL TLS extension parsing race condition | Openssl | N/A | ||
2009-11-09 | CVE-2009-3555 | CVE-2009-3555 TLS: MITM attacks via session renegotiation | Http_server, Ubuntu_linux, Debian_linux, Nginx, Fedora, Gnutls, Nss, Openssl | N/A | ||
2010-12-06 | CVE-2010-4252 | CVE-2010-4252 openssl: session key retrieval flaw in J-PAKE implementation | Openssl | N/A | ||
2015-06-12 | CVE-2015-1789 | An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. | Openssl, Sparc\-Opl_service_processor | 7.5 | ||
2015-06-12 | CVE-2015-1792 | A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. | Openssl | N/A |