Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl 1.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-0376
The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
Torproject Tor
Debian Debian Linux 9.0
Debian Debian Linux 8.0
445
VMScore
CVE-2015-1794
The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 prior to 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
1 Article
445
VMScore
CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 prior to 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote malicious users to obt...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
Nodejs Node.js
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
1 Github repository
445
VMScore
CVE-2015-0290
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 prior to 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote malicious users to cause a denial of service (pointer cor...
Openssl Openssl 1.0.2
445
VMScore
CVE-2015-0207
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 prior to 1.0.2a does not properly isolate the state information of independent data streams, which allows remote malicious users to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DT...
Openssl Openssl 1.0.2
445
VMScore
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
445
VMScore
CVE-2014-3507
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8zb, 1.0.0 prior to 1.0.0n, and 1.0.1 prior to 1.0.1i allows remote malicious users to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of...
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8m
Openssl Openssl 1.0.1
Openssl Openssl 0.9.8c
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 0.9.8n
Openssl Openssl 0.9.8p
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8u
Openssl Openssl 0.9.8za
Openssl Openssl 1.0.1g
Openssl Openssl 0.9.8g
Openssl Openssl 1.0.0h
Openssl Openssl 0.9.8k
Openssl Openssl 0.9.8d
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
1 Github repository
445
VMScore
CVE-2013-1654
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote malicious users to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified...
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.16
Puppet Puppet 2.7.14
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.12
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Canonical Ubuntu Linux 11.10
445
VMScore
CVE-2011-3207
crypto/x509/x509_vfy.c in OpenSSL 1.0.x prior to 1.0.0e does not initialize certain structure members, which makes it easier for remote malicious users to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Openssl Openssl 1.0.0
Openssl Openssl 1.0.0b
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0a
Openssl Openssl 1.0.0c
445
VMScore
CVE-2009-5057
The S/MIME feature in Open Ticket Request System (OTRS) prior to 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote malicious users to decrypt e-mail messages that had lower than intended entropy available for c...
Otrs Otrs 2.1.9
Otrs Otrs 2.1.1
Otrs Otrs 2.1.8
Otrs Otrs 2.1.3
Otrs Otrs 2.3.0
Otrs Otrs 2.2.0
Otrs Otrs 2.0.2
Otrs Otrs 2.0.3
Otrs Otrs 1.0.0
Otrs Otrs 0.5
Otrs Otrs 1.1
Otrs Otrs 2.0.5
Otrs Otrs 2.2.5
Otrs Otrs 2.0.0
Otrs Otrs 1.1.3
Otrs Otrs 1.2.0
Otrs Otrs 1.2.1
Otrs Otrs
Otrs Otrs 2.1.0
Otrs Otrs 2.1.5
Otrs Otrs 2.3.1
Otrs Otrs 2.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »