Vulnerabilities > Openssl > Openssl > 1.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
2021-02-16 | CVE-2021-23840 | Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. | 7.5 |
2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
2019-12-06 | CVE-2019-1551 | Integer Overflow or Wraparound vulnerability in multiple products There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. | 5.3 |
2019-09-10 | CVE-2019-1563 | Information Exposure Through Discrepancy vulnerability in Openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. | 3.7 |
2019-09-10 | CVE-2019-1549 | Use of Insufficiently Random Values vulnerability in Openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). | 5.3 |
2019-09-10 | CVE-2019-1547 | Unspecified vulnerability in Openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. | 4.7 |
2019-07-30 | CVE-2019-1552 | Improper Certificate Validation vulnerability in Openssl OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. | 3.3 |
2019-03-06 | CVE-2019-1543 | Use of Insufficiently Random Values vulnerability in Openssl ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. | 7.4 |