Vulmon
botan project botan 1.11.22 vulnerabilities and exploits
9.8
CVSSv3
CVE-2015-7826
Botan 1.11.x prior to 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote malicious users to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
Botan Project Botan
9.8
CVSSv3
CVE-2016-2195
Integer overflow in the PointGFp constructor in Botan prior to 1.10.11 and 1.11.x prior to 1.11.27 allows remote malicious users to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.7
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.25
Botan Project Botan 1.11.24
9.8
CVSSv3
CVE-2016-2196
Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x prior to 1.11.27 allows remote malicious users to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors.
Botan Project Botan 1.11.25
Botan Project Botan 1.11.20
Botan Project Botan 1.11.18
Botan Project Botan 1.11.11
Botan Project Botan 1.11.9
Botan Project Botan 1.11.4
Botan Project Botan 1.11.2
Botan Project Botan 1.11.0
Botan Project Botan 1.11.24
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.21
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
7.5
CVSSv3
CVE-2016-6879
The X509_Certificate::allowed_usage function in Botan 1.11.x prior to 1.11.31 might allow malicious users to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
Botan Project Botan 1.11.12
Botan Project Botan 1.11.13
Botan Project Botan 1.11.14
Botan Project Botan 1.11.15
Botan Project Botan 1.11.16
Botan Project Botan 1.11.29
Botan Project Botan 1.11.30
Botan Project Botan 1.11.4
Botan Project Botan 1.11.5
Botan Project Botan 1.11.6
Botan Project Botan 1.11.7
Botan Project Botan 1.11.21
Botan Project Botan 1.11.22
Botan Project Botan 1.11.23
Botan Project Botan 1.11.24
Botan Project Botan 1.11.1
Botan Project Botan 1.11.3
Botan Project Botan 1.11.8
Botan Project Botan 1.11.10
Botan Project Botan 1.11.17
Botan Project Botan 1.11.19
Botan Project Botan 1.11.26
7.5
CVSSv3
CVE-2015-7824
Botan 1.11.x prior to 1.11.22 makes it easier for remote malicious users to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
Botan Project Botan
7.5
CVSSv3
CVE-2015-7825
Botan prior to 1.11.22 improperly validates certificate paths, which allows remote malicious users to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
Botan Project Botan
7.5
CVSSv3
CVE-2016-2849
Botan prior to 1.10.13 and 1.11.x prior to 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote malicious users to obtain ECDSA secret keys via a timing side-channel attack.
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Botan Project Botan 1.11.22
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.5
Botan Project Botan 1.11.4
Botan Project Botan 1.11.26
Botan Project Botan 1.11.25
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.27
Botan Project Botan 1.11.20
Botan Project Botan 1.11.19
Botan Project Botan 1.11.11
7.5
CVSSv3
CVE-2016-2194
The ressol function in Botan prior to 1.10.11 and 1.11.x prior to 1.11.27 allows remote malicious users to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
Debian Debian Linux 8.0
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.25
7.5
CVSSv3
CVE-2015-7827
Botan prior to 1.10.13 and 1.11.x prior to 1.11.22 make it easier for remote malicious users to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
Fedoraproject Fedora 24
Botan Project Botan 1.11.20
Botan Project Botan 1.11.15
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.4
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.12
Botan Project Botan 1.11.7
7.5
CVSSv3
CVE-2016-2850
Botan 1.11.x prior to 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote malicious users to conduct downgrade attacks via unspecified vectors.
Fedoraproject Fedora 24
Botan Project Botan 1.11.25
Botan Project Botan 1.11.24
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5