Vulnerabilities > Openssl > Openssl > 1.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-04 | CVE-2016-7054 | Improper Access Control vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. | 5.0 |
| 2017-05-04 | CVE-2016-7053 | NULL Pointer Dereference vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. | 5.0 |
| 2016-09-26 | CVE-2016-6308 | Resource Management Errors vulnerability in Openssl 1.1.0 statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | 5.9 |
| 2016-09-26 | CVE-2016-6307 | Resource Exhaustion vulnerability in Openssl 1.1.0 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | 5.9 |
| 2016-09-26 | CVE-2016-6305 | Improper Input Validation vulnerability in Openssl 1.1.0 The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | 7.5 |
| 2016-09-26 | CVE-2016-6304 | Memory Leak vulnerability in multiple products Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | 7.5 |