Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl 3.1.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3446
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl Openssl 1.0.2
Openssl Openssl 1.1.1
Openssl Openssl 3.0.0
Openssl Openssl 3.1.1
Openssl Openssl 3.1.0
384
VMScore
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows re...
Openssl Openssl
Openssl Openssl 1.0.1m
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
1 Article
801
VMScore
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
436
VMScore
CVE-2013-1652
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspe...
Puppetlabs Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.9
Puppet Puppet 2.7.3
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.16
Puppet Puppet 2.7.2
Puppet Puppet 2.7.4
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 3.1.0
356
VMScore
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet 2.6.14
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppetlabs Puppet
Puppet Puppet 2.6.12
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.8
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.11
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
632
VMScore
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet 2.7.16
Puppet Puppet 2.7.18
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppetlabs Puppet 2.7.20
Puppet Puppet Enterprise 3.1.0
445
VMScore
CVE-2013-1654
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote malicious users to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified...
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.16
Puppet Puppet 2.7.14
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.12
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Canonical Ubuntu Linux 11.10
668
VMScore
CVE-2013-1655
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, when running Ruby 1.9.3 or later, allows remote malicious users to execute arbitrary code via vectors related to "serialized attributes."
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.2
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.14
Puppet Puppet 2.7.12
505
VMScore
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allows remote malicious users to cause a denial of service via invalid encodings.
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.3
Oracle Application Server 1.0.2.1s
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6b
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.4
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.7
Oracle Application Server 1.0.2
Oracle Corporate Time Outlook Connector 3.1.2
Oracle Http Server 9.0.1
Openssl Openssl 0.9.5
Openssl Openssl 0.9.6
Oracle Application Server
Oracle Corporate Time Outlook Connector 3.3
Oracle Http Server 9.2.0
1 EDB exploit
668
VMScore
CVE-2002-0655
OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow malicious users to cause a denial of service and possibly execute arbitrary code.
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.6a
Oracle Application Server 1.0.2
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.7
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.3
Openssl Openssl 0.9.4
Openssl Openssl 0.9.5
Oracle Corporate Time Outlook Connector 3.1.1
Oracle Corporate Time Outlook Connector 3.1.2
Oracle Corporate Time Outlook Connector 3.3
Oracle Http Server 9.0.1
Oracle Application Server 1.0.2.2
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6b
Oracle Application Server
Oracle Application Server 1.0.2.1s
Oracle Corporate Time Outlook Connector 3.1
Oracle Http Server 9.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »