|
51
|
5.3
5.0
|
MEDIUM
Network
|
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data th…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2022-2097
|
cpe:2.3:a:openssl:openssl:*:*
|
1.1.1 3.0.0
|
|
|
1.1.1q 3.0.5
|
2024-11-21 16:00
2022-07-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
9.8
10.0
|
CRITICAL
Network
|
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys…
|
CWE-787
Out-of-bounds Write
|
CVE-2022-2274
|
cpe:2.3:a:openssl:openssl:3.0.4:*
|
|
|
|
|
2024-11-21 16:00
2022-07-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
9.8
10.0
|
CRITICAL
Network
|
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command inj…
|
CWE-78
OS Command
|
CVE-2022-2068
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 1.1.1 1.0.2
|
|
|
3.0.4 1.1.1p 1.0.2zf
|
2024-11-21 16:00
2022-06-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
7.5
5.0
|
HIGH
Network
|
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificat…
|
CWE-459
Incomplete Cleanup
|
CVE-2022-1473
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0
|
|
|
3.0.3
|
2024-11-21 15:40
2022-05-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
5.9
4.3
|
MEDIUM
Network
|
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performin…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2022-1434
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0
|
|
|
3.0.3
|
2024-11-21 15:40
2022-05-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
5.3
4.3
|
MEDIUM
Network
|
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a succ…
|
CWE-295
Improper Certificate Validation
|
CVE-2022-1343
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0
|
|
|
3.0.3
|
2024-11-21 15:40
2022-05-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
9.8
10.0
|
CRITICAL
Network
|
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. …
|
CWE-78
OS Command
|
CVE-2022-1292
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 1.0.2 1.1.1
|
|
|
3.0.3 1.0.2ze 1.1.1o
|
2024-11-21 15:40
2022-05-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
7.5
5.0
|
HIGH
Network
|
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates tha…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2022-0778
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.0 3.0.0
|
|
|
1.0.2zd 1.1.1n 3.0.2
|
2026-04-14 19:16
2022-03-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
5.9
4.3
|
MEDIUM
Network
|
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because…
|
NVD-CWE-noinfo
|
CVE-2021-4160
|
cpe:2.3:a:openssl:openssl:3.0.0:beta2 cpe:2.3:a:openssl:openssl:3.0.0:beta1 cpe:2.3:a:openssl:openssl:3.0.0:alpha…
|
1.0.2 1.1.1
|
1.0.2zb
|
|
1.1.1m
|
2024-11-21 15:37
2022-01-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
7.5
5.0
|
HIGH
Network
|
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2021-4044
|
cpe:2.3:a:openssl:openssl:3.0.0:* cpe:2.3:a:openssl:openssl:1.1.0:* cpe:2.3:a:openssl:openssl:*:*
|
|
|
|
1.0.2
|
2024-11-21 15:36
2021-12-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|