Vulnerabilities > Openssl > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-07-01 | CVE-2022-2274 | Out-of-bounds Write vulnerability in multiple products | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. | 9.8 |
2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |
2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |
2016-09-26 | CVE-2016-6309 | Use After Free vulnerability in Openssl 1.1.0A | statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | 9.8 |
2016-09-16 | CVE-2016-6303 | Out-of-bounds Write vulnerability in multiple products | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |
2016-09-16 | CVE-2016-2182 | Out-of-bounds Write vulnerability in multiple products | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | 9.8 |
2016-06-20 | CVE-2016-2177 | Integer Overflow or Wraparound vulnerability in multiple products | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | 9.8 |
2016-05-05 | CVE-2016-2108 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. | 9.8 |
2016-03-03 | CVE-2016-2842 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl | The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. | 9.8 |