Known Vulnerabilities for Openssl by Openssl Project
Listed below are 8 of the newest known vulnerabilities associated with "Openssl" by "Openssl Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34054 | vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openss... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2026-33895 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2018-20997 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | 9.8 - CRITICAL | 2019-08-26 | 2023-02-27 |
| CVE-2016-10931 | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability becau... | 8.1 - HIGH | 2019-08-26 | 2023-02-27 |
| CVE-2009-1387 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to caus... | 5 - MEDIUM | 2009-06-04 | 2022-02-02 |
| CVE-2009-1386 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daem... | 5 - MEDIUM | 2009-06-04 | 2023-02-13 |
| CVE-2009-1378 | Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 v... | 5 - MEDIUM | 2009-05-19 | 2022-02-02 |
| CVE-2009-1377 | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to caus... | 5 - MEDIUM | 2009-05-19 | 2022-02-02 |
| CVE-2008-1672 | OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Ser... | 4.3 - MEDIUM | 2008-05-29 | 2022-02-02 |
| CVE-2008-0166 | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generat... | 7.8 - HIGH | 2008-05-13 | 2022-02-02 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openssl Project | Openssl | 0.9.9 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.49 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.48 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.47 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.46 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.45 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.44 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.43 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.42 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.41 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.40 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.39 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.38 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.37 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.36 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.35 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.33 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.32 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.31 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.30 | All | All | All |