| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.cisecurity:def:731 | V | Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g (CVE-2016-0705) | 2016-07-01 |
| oval:org.cisecurity:def:820 | V | Padding oracle in AES-NI CBC MAC check - CVE-2016-2107 | 2016-07-15 |
| oval:org.cisecurity:def:821 | V | Memory corruption in the ASN.1 encoder - CVE-2016-2108 | 2016-07-15 |
| oval:org.cisecurity:def:822 | V | ASN.1 BIO excessive memory allocation - CVE-2016-2109 | 2016-07-15 |
| oval:org.cisecurity:def:823 | V | EBCDIC overread - CVE-2016-2176 | 2016-07-15 |
| oval:org.cisecurity:def:824 | V | EVP_EncryptUpdate overflow - CVE-2016-2106 | 2016-07-15 |
| oval:org.cisecurity:def:825 | V | EVP_EncodeUpdate overflow - CVE-2016-2105 | 2016-07-15 |
| oval:org.cisecurity:def:1765 | V | Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i - CVE-2014-3566 | 2017-02-24 |
| oval:org.cisecurity:def:1900 | V | The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages - CVE-2016-2179 | 2017-03-03 |
| oval:org.cisecurity:def:1901 | V | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results - CVE-2016-2182 | 2017-03-03 |
| oval:org.cisecurity:def:1902 | V | The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations - CVE-2016-2178 | 2017-03-03 |
| oval:org.cisecurity:def:1903 | V | The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length - CVE-2016-6302 | 2017-03-03 |
| oval:org.cisecurity:def:1904 | V | Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service - CVE-2016-6303 | 2017-03-03 |
| oval:org.cisecurity:def:1905 | V | The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service - CVE-2016-2180 | 2017-03-03 |
| oval:org.cisecurity:def:1906 | V | The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number - CVE-2016-2181 | 2017-03-03 |
| oval:org.cisecurity:def:1907 | V | OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks - CVE-2016-2177 | 2017-03-03 |
| oval:org.cisecurity:def:1926 | V | Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a - CVE-2016-6305 | 2017-03-03 |
| oval:org.cisecurity:def:1927 | V | Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a - CVE-2016-6307 | 2017-03-03 |
| oval:org.cisecurity:def:1928 | V | Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i - CVE-2016-6306 | 2017-03-03 |
| oval:org.cisecurity:def:1929 | V | Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a - CVE-2016-6304 | 2017-03-03 |
| oval:org.cisecurity:def:1930 | V | Vulnerability in statem/statem.c in OpenSSL 1.1.0a - CVE-2016-6309 | 2017-03-03 |
| oval:org.cisecurity:def:1931 | V | Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i - CVE-2016-7052 | 2017-03-03 |
| oval:org.cisecurity:def:1943 | V | Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d - CVE-2017-3731 | 2017-03-10 |
| oval:org.cisecurity:def:1944 | V | Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c - CVE-2016-7055 | 2017-03-10 |
| oval:org.cisecurity:def:1945 | V | CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c - CVE-2016-7053 | 2017-03-10 |
| oval:org.cisecurity:def:1946 | V | ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c - CVE-2016-7054 | 2017-03-10 |
| oval:org.cisecurity:def:1947 | V | Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e - CVE-2017-3733 | 2017-03-10 |
| oval:org.cisecurity:def:1948 | V | statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length - CVE-2016-6308 | 2017-03-10 |
| oval:org.cisecurity:def:1949 | V | Vulnerability in OpenSSL 1.1.0 before 1.1.0d - CVE-2017-3730 | 2017-03-10 |
| oval:org.cisecurity:def:1950 | V | Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k - CVE-2017-3732 | 2017-03-10 |
| oval:org.mitre.oval:def:23963 | V | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors | 2014-07-14 |
| oval:org.mitre.oval:def:24137 | V | The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior | 2014-08-04 |
| oval:org.mitre.oval:def:24168 | V | Vulnerability in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f, might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24227 | V | Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption) | 2014-08-18 |
| oval:org.mitre.oval:def:24241 | V | The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read | 2014-07-14 |
| oval:org.mitre.oval:def:24249 | V | Vulnerability in OpenSSL before 0.9.8h on 32-bit platforms, allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts | 2014-08-04 |
| oval:org.mitre.oval:def:24301 | V | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) | 2014-08-18 |
| oval:org.mitre.oval:def:24397 | V | Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) | 2014-08-04 |
| oval:org.mitre.oval:def:24436 | V | Vulnerability in OpenSSL 1.0.0a, 0.9.8, 0.9.7, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code | 2014-08-04 |
| oval:org.mitre.oval:def:24603 | V | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service (recursion and client crash) | 2014-08-18 |
| oval:org.mitre.oval:def:24640 | V | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer | 2014-08-04 |
| oval:org.mitre.oval:def:24643 | V | Vulnerability in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c, allows remote attackers to cause a denial of service (crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24700 | V | Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | 2014-08-18 |
| oval:org.mitre.oval:def:24702 | V | Vulnerability in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, might allow remote attackers to execute arbitrary code | 2014-08-04 |
| oval:org.mitre.oval:def:24730 | V | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, allows remote attackers to cause a denial of service (assertion failure) | 2014-08-04 |
| oval:org.mitre.oval:def:24733 | V | Vulnerability in OpenSSL 1.0.0d and earlier, makes easier for context-dependent attackers to determine private keys | 2014-08-04 |
| oval:org.mitre.oval:def:24741 | V | OpenSSL vulnerability in 0.9.8, makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic | 2014-08-04 |
| oval:org.mitre.oval:def:24750 | V | OpenSSL vulnerability in 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a, allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact | 2014-08-04 |
| oval:org.mitre.oval:def:24756 | V | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote OCSP servers to cause a denial of service | 2014-08-04 |
| oval:org.mitre.oval:def:24765 | V | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, allows remote attackers to cause a denial of service (CPU consumption) | 2014-08-04 |
| oval:org.mitre.oval:def:24768 | V | OpenSSL vulnerability in before 0.9.8u and 1.x before 1.0.0h, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24792 | V | Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | 2014-08-18 |
| oval:org.mitre.oval:def:24824 | V | OpenSSL vulnerability in versions before 1.0.0f, allows remote attackers to cause a denial of service (daemon crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24870 | V | OpenSSL vulnerability in 1.0.1 before 1.0.1d, allows remote attackers to cause a denial of service (application crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24897 | V | OpenSSL vulnerability in before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact | 2014-08-04 |
| oval:org.mitre.oval:def:24936 | V | Vulnerability in OpenSSL before 0.9.8s and 1.x before 1.0.0f, performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext | 2014-08-04 |
| oval:org.mitre.oval:def:24938 | V | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks | 2014-08-04 |
| oval:org.mitre.oval:def:24950 | V | Vulnerability in OpenSSL before 0.9.8o and 1.x before 1.0.0a, allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code | 2014-08-18 |
| oval:org.mitre.oval:def:24952 | V | Vulnerability in OpenSSL 1.x before 1.0.0a, might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information | 2014-08-04 |
| oval:org.mitre.oval:def:24954 | V | Vulnerability in OpenSSL 1.0.x before 1.0.0e, does not initialize certain structure members | 2014-08-04 |
| oval:org.mitre.oval:def:24955 | V | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service | 2014-12-08 |
| oval:org.mitre.oval:def:24969 | V | Vulnerability in OpenSSL 0.9.8q, and 1.0.x before 1.0.0c, does not properly prevent modification of the ciphersuite in the session cache | 2014-08-04 |
| oval:org.mitre.oval:def:24989 | V | OpenSSL vulnerability in 0.9.8s and 1.0.0f, allows remote attackers to cause a denial of service (crash) | 2014-08-04 |
| oval:org.mitre.oval:def:24993 | V | Vulnerability in OpenSSL before 1.0.0c, does not properly validate the public parameters in the J-PAKE protocol | 2014-08-04 |
| oval:org.mitre.oval:def:25001 | V | Vulnerability in OpenSSL before 1.0.2, obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) | 2014-08-04 |
| oval:org.mitre.oval:def:25015 | V | Vulnerability in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e, allows remote attackers to cause a denial of service (daemon crash) | 2014-08-04 |
| oval:org.mitre.oval:def:25018 | V | OpenSSL vulnerability in before 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact | 2014-08-04 |
| oval:org.mitre.oval:def:25032 | V | Vulnerability in OpenSSL 1.0.1 before 1.0.1f, allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) | 2014-08-04 |
| oval:org.mitre.oval:def:25037 | V | Vulnerability in OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols | 2014-08-04 |
| oval:org.mitre.oval:def:25039 | V | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information | 2014-08-18 |
| oval:org.mitre.oval:def:25052 | V | OpenSSL vulnerability in before 0.9.8u and 1.x before 1.0.0h makes it easier for context-dependent attackers to decrypt data | 2014-08-04 |
| oval:org.mitre.oval:def:25058 | V | Vulnerability in OpenSSL 1.x through 1.0.1g allows remote attackers to cause a denial of service | 2014-08-04 |
| oval:org.mitre.oval:def:25059 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8s, allows remote attackers to have an unspecified impact by triggering failure of a policy check | 2014-08-04 |
| oval:org.mitre.oval:def:25065 | V | Vulnerability in OpenSSL 0.9.8f through 0.9.8m, allows remote attackers to cause a denial of service (crash) | 2014-08-18 |
| oval:org.mitre.oval:def:25083 | V | Vulnerability in OpenSSL 0.9.8h through 0.9.8j, allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid | 2014-08-18 |
| oval:org.mitre.oval:def:25086 | V | Vulnerability in OpenSSL before 0.9.8k on WIN64, allows remote attackers to cause a denial of service (invalid memory access and application crash) | 2014-08-18 |
| oval:org.mitre.oval:def:25097 | V | Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL | 2014-08-18 |
| oval:org.mitre.oval:def:25108 | V | Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | 2014-08-18 |
| oval:org.mitre.oval:def:25119 | V | Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash) | 2014-08-18 |
| oval:org.mitre.oval:def:25124 | V | Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, allows remote attackers to cause a denial of service (memory consumption) | 2014-08-18 |
| oval:org.mitre.oval:def:25158 | V | Vulnerability in OpenSSL before 0.9.8m, does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c | 2014-08-18 |
| oval:org.mitre.oval:def:25180 | V | Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates | 2014-08-18 |
| oval:org.mitre.oval:def:25196 | V | Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash) | 2014-08-18 |
| oval:org.mitre.oval:def:25212 | V | Vulnerability in OpenSSL 0.9.6, allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack | 2014-08-18 |
| oval:org.mitre.oval:def:25950 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) | 2014-10-13 |
| oval:org.mitre.oval:def:25965 | V | Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact | 2014-10-13 |
| oval:org.mitre.oval:def:26147 | V | Vulnerability in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data | 2014-10-13 |
| oval:org.mitre.oval:def:26274 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows context-dependent attackers to obtain sensitive information from process stack memory | 2014-10-13 |
| oval:org.mitre.oval:def:26293 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (CVE-2014-3507) | 2014-10-13 |
| oval:org.mitre.oval:def:26324 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (CVE-2014-3506) | 2014-10-13 |
| oval:org.mitre.oval:def:26342 | V | Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue | 2014-10-13 |
| oval:org.mitre.oval:def:26369 | V | Vulnerability in OpenSSL 1.0.1 before 1.0.1i, allows remote SSL servers to cause a denial of service | 2014-10-13 |
| oval:org.mitre.oval:def:26491 | V | Vulnerability in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition | 2014-10-13 |