Total
252 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0797 | 4 Canonical, Debian, Nodejs and 1 more | 4 Ubuntu Linux, Debian Linux, Node.js and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. | |||||
CVE-2015-3193 | 3 Canonical, Nodejs, Openssl | 3 Ubuntu Linux, Node.js, Openssl | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. | |||||
CVE-2016-2109 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | |||||
CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-04 | 4.3 MEDIUM | N/A |
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | |||||
CVE-2015-1791 | 1 Openssl | 1 Openssl | 2024-02-04 | 6.8 MEDIUM | N/A |
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. | |||||
CVE-2016-2181 | 2 Openssl, Oracle | 2 Openssl, Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | |||||
CVE-2014-8176 | 1 Openssl | 1 Openssl | 2024-02-04 | 7.5 HIGH | N/A |
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data. | |||||
CVE-2015-1790 | 1 Openssl | 1 Openssl | 2024-02-04 | 5.0 MEDIUM | N/A |
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. | |||||
CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 9 Content Security Management Appliance, Node.js, Openssl and 6 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | |||||
CVE-2016-2106 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | |||||
CVE-2016-2182 | 3 Hp, Openssl, Oracle | 6 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 3 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-6309 | 1 Openssl | 1 Openssl | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | |||||
CVE-2016-0799 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. | |||||
CVE-2015-3197 | 2 Openssl, Oracle | 6 Openssl, Exalogic Infrastructure, Oss Support Tools and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. | |||||
CVE-2016-2105 | 8 Apple, Canonical, Debian and 5 more | 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |||||
CVE-2016-6307 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | |||||
CVE-2015-1788 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.3 MEDIUM | N/A |
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. | |||||
CVE-2016-0704 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | |||||
CVE-2016-0701 | 1 Openssl | 1 Openssl | 2024-02-04 | 2.6 LOW | 3.7 LOW |
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. | |||||
CVE-2016-6306 | 6 Canonical, Debian, Hp and 3 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. |