VYPR

rpm package

opensuse/openssl-1_1&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed

Vulnerabilities (157)

  • CVE-2016-2107MedMay 5, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: thi

  • CVE-2016-2106HigMay 5, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

  • CVE-2016-2105HigMay 5, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

  • CVE-2016-0798HigMar 3, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto

  • CVE-2016-0797HigMar 3, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (

  • CVE-2016-0705CriMar 3, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat

  • CVE-2016-0702MedMar 3, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a craft

  • CVE-2016-0800MedMar 1, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciph

  • CVE-2016-0701LowFeb 15, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes

  • CVE-2015-3197MedFeb 15, 2016
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_clien

  • CVE-2015-3196Dec 6, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free

  • CVE-2015-3195MedDec 6, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information fro

  • CVE-2015-3194HigDec 6, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

  • CVE-2015-3193HigDec 6, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sens

  • CVE-2015-1794Dec 6, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

  • CVE-2015-1793MedJul 9, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Author

  • CVE-2015-1792Jun 12, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as

  • CVE-2015-1791Jun 12, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and a

  • CVE-2015-1790Jun 12, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses A

  • CVE-2015-1789HigJun 12, 2015
    affected < 1.1.1l-1.2fixed 1.1.1l-1.2

    The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIM

Page 4 of 8