Vulnerabilities > Openssl
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-04 | CVE-2016-7054 | Improper Access Control vulnerability in OpenSSL 1.1.0/1.1.0A/1.1.0B | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. | 7.5 |
2017-05-04 | CVE-2016-7053 | NULL Pointer Dereference vulnerability in OpenSSL 1.1.0/1.1.0A/1.1.0B | In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. | 7.5 |
2016-09-26 | CVE-2016-7052 | NULL Pointer Dereference vulnerability in multiple products | crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | 7.5 |
2016-09-26 | CVE-2016-6309 | Use After Free vulnerability in OpenSSL 1.1.0A | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | 9.8 |
2016-09-26 | CVE-2016-6308 | Resource Management Errors vulnerability in OpenSSL 1.1.0 | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | 5.9 |
2016-09-26 | CVE-2016-6307 | Resource Exhaustion vulnerability in OpenSSL 1.1.0 | The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | 5.9 |
2016-09-26 | CVE-2016-6306 | Out-of-bounds Read vulnerability in multiple products | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | 5.9 |
2016-09-26 | CVE-2016-6305 | Improper Input Validation vulnerability in OpenSSL 1.1.0 | The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | 7.5 |
2016-09-26 | CVE-2016-6304 | Memory Leak vulnerability in multiple products | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | 7.5 |
2016-09-16 | CVE-2016-6303 | Out-of-bounds Write vulnerability in multiple products | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |