OpenSSL — Vulnerabilities & Security Advisories (104)

All 104 CVE vulnerabilities found in OpenSSL, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenSSL

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31790 | Incorrect Failure Handling in RSA KEM RSASVE Encapsulation | CWE-754 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-31789 | Heap Buffer Overflow in Hexadecimal Conversion | CWE-787 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28390 | Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28389 | Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28388 | NULL Pointer Dereference When Processing a Delta CRL | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28387 | Potential Use-after-free in DANE Client Code | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28386 | Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group | CWE-757 | 5.3 | - | 2026-03-13 |
| CVE-2026-22796 | ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22795 | Missing ASN1_TYPE validation in PKCS#12 parsing | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69420 | Missing ASN1_TYPE validation in TS_RESP_verify_response() function | CWE-754 | 6.2 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-69421 | NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function | CWE-476 | 6.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-69419 | Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion | CWE-787 | 7.8 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69418 | Unauthenticated/unencrypted trailing bytes with low-level OCB function calls | CWE-325 | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2025-68160 | Heap out-of-bounds write in BIO_f_linebuffer on short writes | CWE-787 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-66199 | TLS 1.3 CompressedCertificate excessive memory allocation | CWE-789 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-15469 | 'openssl dgst' one-shot codepath silently truncates inputs >16MB | CWE-347 | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2025-15468 | NULL dereference in SSL_CIPHER_find() function on unknown cipher ID | CWE-476 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-15467 | Stack buffer overflow in CMS (Auth)EnvelopedData parsing | CWE-787 | 9.8 | - | 2026-01-27 |
| CVE-2025-11187 | Improper validation of PBMAC1 parameters in PKCS#12 MAC verification | CWE-787 | 8.8 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling | CWE-125 | 7.5 (AI) | High (AI) | 2025-09-30 |
| CVE-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM | CWE-385 | 5.9 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | CWE-125 | 9.1 (AI) | Critical (AI) | 2025-09-30 |
| CVE-2023-53159 | rust-openssl security vulnerability | CWE-126 | 4.5 | Medium | 2025-07-28 |
| CVE-2025-4575 | The x509 application adds trusted use instead of rejected use | CWE-295 | 7.5 (AI) | High (AI) | 2025-05-22 |
| CVE-2024-12797 | RFC7250 handshakes with unauthenticated servers don't abort as expected | CWE-392 | 7.4 | - | 2025-02-11 |
| CVE-2024-13176 | Timing side-channel in ECDSA signature computation | CWE-385 | 4.7 | - | 2025-01-20 |
| CVE-2024-4741 | Use After Free with SSL_free_buffers | CWE-416 | 9.8 | - | 2024-11-13 |
| CVE-2024-9143 | Low-level invalid GF(2^m) parameters lead to OOB memory access | CWE-125 | 9.8 | - | 2024-10-16 |
| CVE-2024-6119 | Possible denial of service in X.509 name checks | CWE-843 | 7.5 (AI) | High (AI) | 2024-09-03 |

All 104 known CVE vulnerabilities affecting OpenSSL with full Chinese analysis, references, and POCs where available.