Vulnerabilities > Openssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 10.0 |
| 2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in Openssl The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 10.0 |
| 2022-05-03 | CVE-2022-1343 | Improper Certificate Validation vulnerability in Openssl 3.0.0/3.0.1/3.0.2 The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. | 4.3 |
| 2022-05-03 | CVE-2022-1434 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Openssl 3.0.0/3.0.1/3.0.2 The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. | 4.3 |
| 2022-05-03 | CVE-2022-1473 | Improper Resource Shutdown or Release vulnerability in Openssl 3.0.0/3.0.1/3.0.2 The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. | 5.0 |
| 2022-03-15 | CVE-2022-0778 | Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. | 5.0 |
| 2022-01-28 | CVE-2021-4160 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. | 4.3 |
| 2021-12-14 | CVE-2021-4044 | Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. | 5.0 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 7.5 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 5.8 |