Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl 3.0.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-0285
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 prior to 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms by sniffing the network and then...
Openssl Openssl 1.0.2
4.3
CVSSv2
CVE-2015-0208
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to...
Openssl Openssl 1.0.2
2.6
CVSSv2
CVE-2015-1787
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 prior to 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote malicious users to cause a denial of service (daemon crash) via a ClientKeyExchange message w...
Openssl Openssl 1.0.2
NA
CVE-2024-0727
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can con...
Openssl Openssl
Openssl Openssl 3.2.0
NA
CVE-2023-5678
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications...
Openssl Openssl
1 Github repository
NA
CVE-2023-3817
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2j
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.2h
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2f
Openssl Openssl 1.0.2i
Openssl Openssl 1.0.2d
Openssl Openssl 1.0.2k
Openssl Openssl 1.0.2l
Openssl Openssl 1.0.2m
Openssl Openssl 1.0.2zb
Openssl Openssl 1.0.2n
Openssl Openssl 1.0.2o
Openssl Openssl 1.0.2p
Openssl Openssl 1.0.2q
Openssl Openssl 1.0.2r
Openssl Openssl 1.0.2s
Openssl Openssl 1.0.2t
1 Github repository
NA
CVE-2023-3446
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that...
Openssl Openssl 1.0.2
Openssl Openssl 1.1.1
Openssl Openssl 3.0.0
Openssl Openssl 3.1.1
Openssl Openssl 3.1.0
NA
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
NA
CVE-2023-0465
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skippe...
Openssl Openssl
NA
CVE-2023-0466
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to p...
Openssl Openssl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »