Vulnerabilities > Openssl > Openssl > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
network
low complexity
openssl debian netapp
7.5
2023-09-08 CVE-2023-4807 Unspecified vulnerability in Openssl
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes.
local
low complexity
openssl
7.8
2023-03-22 CVE-2023-0464 Improper Certificate Validation vulnerability in Openssl
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints.
network
low complexity
openssl CWE-295
7.5
2023-02-08 CVE-2022-4450 Double Free vulnerability in multiple products
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g.
network
low complexity
openssl stormshield CWE-415
7.5
2023-02-08 CVE-2023-0215 Use After Free vulnerability in multiple products
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO.
network
low complexity
openssl stormshield CWE-416
7.5
2023-02-08 CVE-2023-0216 NULL Pointer Dereference vulnerability in multiple products
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack.
network
low complexity
openssl stormshield CWE-476
7.5
2023-02-08 CVE-2023-0217 NULL Pointer Dereference vulnerability in Openssl
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function.
network
low complexity
openssl CWE-476
7.5
2023-02-08 CVE-2023-0286 Type Confusion vulnerability in multiple products
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
network
high complexity
openssl stormshield CWE-843
7.4
2023-02-08 CVE-2023-0401 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data.
network
low complexity
openssl stormshield CWE-476
7.5
2022-12-13 CVE-2022-3996 Improper Locking vulnerability in Openssl
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively.
network
low complexity
openssl CWE-667
7.5