Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

openssl vulnerabilities and exploits

(subscribe to this query)
2.6
CVSSv2

CVE-2011-1945

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and previous versions, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-...
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.3Openssl Openssl 0.9.3aOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6c
4.3
CVSSv2

CVE-2011-4108

The DTLS implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote malicious users to recover plaintext via a padding oracle attack.
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6cOpenssl Openssl 0.9.6dOpenssl Openssl 0.9.6e
5
CVSSv2

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote malicious users to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6cOpenssl Openssl 0.9.6dOpenssl Openssl 0.9.6e
4.3
CVSSv2

CVE-2011-4577

OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f, when RFC 3779 support is enabled, allows remote malicious users to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous...
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6cOpenssl Openssl 0.9.6dOpenssl Openssl 0.9.6e
5
CVSSv2

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f does not properly handle handshake restarts, which allows remote malicious users to cause a denial of service (CPU consumption) via unspecified vectors.
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6cOpenssl Openssl 0.9.6dOpenssl Openssl 0.9.6e
5.3
CVSSv3

CVE-2023-3817

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl OpensslOpenssl Openssl 1.0.2Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2dOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.2gOpenssl Openssl 1.0.2hOpenssl Openssl 1.0.2iOpenssl Openssl 1.0.2j
7.5
CVSSv2

CVE-2010-0742

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL prior to 0.9.8o and 1.x prior to 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent malicious users to modify invalid memory locations or ...
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.3Openssl Openssl 0.9.3aOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6c
5
CVSSv2

CVE-2006-7250

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and previous versions allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.3Openssl Openssl 0.9.3aOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6c
5
CVSSv2

CVE-2012-0027

The GOST ENGINE in OpenSSL prior to 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote malicious users to cause a denial of service (daemon crash) via crafted data from a TLS client.
Openssl OpensslOpenssl Openssl 0.9.1cOpenssl Openssl 0.9.2bOpenssl Openssl 0.9.3Openssl Openssl 0.9.3aOpenssl Openssl 0.9.4Openssl Openssl 0.9.5Openssl Openssl 0.9.5aOpenssl Openssl 0.9.6Openssl Openssl 0.9.6aOpenssl Openssl 0.9.6bOpenssl Openssl 0.9.6c
4.3
CVSSv2

CVE-2014-3510

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake mess...
Openssl Openssl 0.9.8Openssl Openssl 0.9.8aOpenssl Openssl 0.9.8bOpenssl Openssl 0.9.8cOpenssl Openssl 0.9.8dOpenssl Openssl 0.9.8eOpenssl Openssl 0.9.8fOpenssl Openssl 0.9.8gOpenssl Openssl 0.9.8hOpenssl Openssl 0.9.8iOpenssl Openssl 0.9.8jOpenssl Openssl 0.9.8k
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-3248thanhtungtntremote code executioncodepen embed blockCVE-2025-6354chris coyierCVE-2025-50025nitin yawalkarcode executionCVE-2025-50038CVE-2023-0386cross-site scriptingCVE-2025-6351
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook