Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initializat...
Openssl Openssl
Stormshield Stormshield Management Center
NA
CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of ...
Openssl Openssl
Stormshield Stormshield Network Security
Stormshield Endpoint Security
Stormshield Sslvpn
1 Github repository
NA
CVE-2022-4450
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments a...
Openssl Openssl
Stormshield Stormshield Network Security
1 Github repository
NA
CVE-2022-41141
This vulnerability allows local malicious users to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Windscribe Windscribe 2.3.16
NA
CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
Mozilla Vpn
NA
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy process...
Openssl Openssl
1 Github repository
NA
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...
Openssl Openssl
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp Clustered Data Ontap -
Fedoraproject Fedora 26
Fedoraproject Fedora 27
Nodejs Node.js 19.0.0
Nodejs Node.js 18.12.0
Nodejs Node.js
30 Github repositories
1 Article
NA
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue ce...
Openssl Openssl
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Nodejs Node.js 19.0.0
Nodejs Node.js 18.12.0
Nodejs Node.js
24 Github repositories
1 Article
NA
CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
Oracle Mysql
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Mariadb Mariadb
NA
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers...
Openssl Openssl
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »