Vulnerabilities > Openssl > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-06 | CVE-2019-1543 | Use of Insufficiently Random Values vulnerability in Openssl ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. | 7.4 |
2018-06-12 | CVE-2018-0732 | Key Management Errors vulnerability in multiple products During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. | 7.5 |
2017-11-13 | CVE-2016-8610 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. | 7.5 |
2017-05-04 | CVE-2017-3733 | Improper Input Validation vulnerability in multiple products During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). | 7.5 |
2017-05-04 | CVE-2017-3731 | Out-of-bounds Read vulnerability in multiple products If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. | 7.5 |
2017-05-04 | CVE-2017-3730 | NULL Pointer Dereference vulnerability in multiple products In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. | 7.5 |
2017-05-04 | CVE-2016-7054 | Improper Access Control vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. | 7.5 |
2017-05-04 | CVE-2016-7053 | NULL Pointer Dereference vulnerability in Openssl 1.1.0/1.1.0A/1.1.0B In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. | 7.5 |
2016-09-26 | CVE-2016-7052 | NULL Pointer Dereference vulnerability in multiple products crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | 7.5 |
2016-09-26 | CVE-2016-6305 | Improper Input Validation vulnerability in Openssl 1.1.0 The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | 7.5 |