Vulnerabilities > Openssl

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian CWE-78
critical
10.0
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in Openssl
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl CWE-78
critical
10.0
2022-05-03 CVE-2022-1343 Improper Certificate Validation vulnerability in Openssl 3.0.0/3.0.1/3.0.2
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
network
openssl CWE-295
4.3
2022-05-03 CVE-2022-1434 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Openssl 3.0.0/3.0.1/3.0.2
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key.
network
openssl CWE-327
4.3
2022-05-03 CVE-2022-1473 Improper Resource Shutdown or Release vulnerability in Openssl 3.0.0/3.0.1/3.0.2
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries.
network
low complexity
openssl CWE-404
5.0
2022-03-15 CVE-2022-0778 Infinite Loop vulnerability in multiple products
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
network
low complexity
openssl debian netapp fedoraproject CWE-835
5.0
2022-01-28 CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure.
network
openssl debian
4.3
2021-12-14 CVE-2021-4044 Infinite Loop vulnerability in multiple products
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server.
network
low complexity
openssl netapp CWE-835
5.0
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
7.5
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
5.8