Known Vulnerabilities for products from Openssl
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openssl".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34054 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-33895 | Not Provided | 2026-03-27 | 2026-03-31 | |
| CVE-2021-23841 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and ... | 5.9 - MEDIUM | 2021-02-16 | 2023-11-07 |
| CVE-2021-23840 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases wher... | 7.5 - HIGH | 2021-02-16 | 2023-11-07 |
| CVE-2021-23839 | OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 ... | 3.7 - LOW | 2021-02-16 | 2023-11-07 |
| CVE-2021-4044 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That f... | 7.5 - HIGH | 2021-12-14 | 2023-11-09 |
| CVE-2021-3712 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the strin... | 7.4 - HIGH | 2021-08-24 | 2023-11-07 |
| CVE-2021-3711 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an a... | 9.8 - CRITICAL | 2021-08-24 | 2023-11-07 |
| CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is... | 7.4 - HIGH | 2021-03-25 | 2023-11-07 |
| CVE-2021-3449 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 r... | 5.9 - MEDIUM | 2021-03-25 | 2023-11-07 |
| CVE-2021-3149 | On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authenticat... | 7.2 - HIGH | 2021-02-22 | 2022-07-25 |
| CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validatio... | 9.1 - CRITICAL | 2020-02-27 | 2023-11-07 |
| CVE-2020-7042 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validat... | 5.3 - MEDIUM | 2020-02-27 | 2023-11-07 |
| CVE-2020-7041 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validat... | 5.3 - MEDIUM | 2020-02-27 | 2023-11-07 |
| CVE-2020-1971 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as E... | 5.9 - MEDIUM | 2020-12-08 | 2023-11-07 |
| CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-maste... | 3.7 - LOW | 2020-09-09 | 2022-11-21 |
| CVE-2020-1967 | Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a... | 7.5 - HIGH | 2020-04-21 | 2023-11-07 |
| CVE-2019-1563 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker... | 3.7 - LOW | 2019-09-10 | 2023-11-07 |
| CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and onc... | 5.9 - MEDIUM | 2019-02-27 | 2023-11-07 |
| CVE-2019-1552 | OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for ve... | 3.3 - LOW | 2019-07-30 | 2023-11-07 |
Known software with vulnerabilities from Openssl
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openssl | Fips Object Module | - |
| Application | Openssl | Openssl | - |