Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cryptography project cryptography vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge ...
Ecdsautils Project Ecdsautils
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2011-4576
The SSL 3.0 implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote malicious users to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Openssl Openssl
Openssl Openssl 0.9.8q
Openssl Openssl 0.9.8j
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8a
Openssl Openssl 0.9.7g
Openssl Openssl 0.9.7f
Openssl Openssl 0.9.6m
Openssl Openssl 0.9.6l
Openssl Openssl 0.9.6f
Openssl Openssl 0.9.6e
Openssl Openssl 0.9.4
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.8o
Openssl Openssl 0.9.8h
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8
Openssl Openssl 0.9.7m
Openssl Openssl 0.9.7e
Openssl Openssl 0.9.7d
5
CVSSv2
CVE-2011-4619
The Server Gated Cryptography (SGC) implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f does not properly handle handshake restarts, which allows remote malicious users to cause a denial of service (CPU consumption) via unspecified vectors.
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.8l
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.7j
Openssl Openssl 0.9.7i
Openssl Openssl 0.9.7b
Openssl Openssl 0.9.7a
Openssl Openssl 0.9.7
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.6g
Openssl Openssl 0.9.6
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.8q
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.8h
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8
Openssl Openssl 0.9.7m
Openssl Openssl 0.9.7f
Openssl Openssl 0.9.7e
Openssl Openssl 0.9.6k
5
CVSSv2
CVE-2005-2728
The byte-range filter in Apache 2.0 prior to 2.0.54 allows remote malicious users to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.50
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.52
Apache Http Server 2.0.53
Apache Http Server 2.0.51
Apache Http Server 2.0.28
Apache Http Server 2.0.41
Apache Http Server 2.0.49
Apache Http Server 2.0.9
Apache Http Server 2.0.32
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.46
Apache Http Server 2.0.43
5
CVSSv2
CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote malicious users to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Apache Http Server
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Debian Debian Linux 3.1
4.3
CVSSv2
CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Python-cryptography Project Python-cryptography 3.2
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
1 Github repository
4.3
CVSSv2
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl Openssl
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Hp Hp-ux B.11.31
Ibm Content Manager 8.5
Oracle Jrockit R28.3.6
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Oracle Jdk 1.8.0
Oracle Jre 1.7.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Suse Linux Enterprise Server 11.0
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Apple Mac Os X
Apple Iphone Os
1 Nmap script
4 Github repositories
1 Article
4.3
CVSSv2
CVE-2011-4108
The DTLS implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote malicious users to recover plaintext via a padding oracle attack.
Openssl Openssl 0.9.8o
Openssl Openssl 0.9.8n
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8f
Openssl Openssl 0.9.7m
Openssl Openssl 0.9.7l
Openssl Openssl 0.9.7k
Openssl Openssl 0.9.7d
Openssl Openssl 0.9.7c
Openssl Openssl 0.9.6j
Openssl Openssl 0.9.6i
Openssl Openssl 0.9.6b
Openssl Openssl
Openssl Openssl 0.9.8k
Openssl Openssl 0.9.8j
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.7h
Openssl Openssl 0.9.7g
Openssl Openssl 0.9.7
Openssl Openssl 0.9.6m
Openssl Openssl 0.9.6g
4.3
CVSSv2
CVE-2005-2088
The Apache HTTP server prior to 1.3.34, and 2.0.x prior to 2.0.55, when acting as an HTTP proxy, allows remote malicious users to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chu...
Apache Http Server
Debian Debian Linux 3.1
Debian Debian Linux 3.0
2.6
CVSSv2
CVE-2011-1945
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and previous versions, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-...
Openssl Openssl 0.9.3a
Openssl Openssl 0.9.4
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6i
Openssl Openssl 1.0.0
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.7
Openssl Openssl 0.9.8h
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.7h
Openssl Openssl 0.9.7i
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.5
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6g
Openssl Openssl 0.9.6e
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.6k
Openssl Openssl 0.9.6j
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »