Vulmon
wolfssl vulnerabilities and exploits
NA
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” e...
2 Github repositories
NA
CVE-2023-6936
In wolfSSL before 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
2 Github repositories
NA
CVE-2023-6937
wolfSSL before 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencr...
2 Github repositories
NA
CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
5.8
CVSSv2
CVE-2014-2900
wolfSSL CyaSSL prior to 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle malicious users to spoof servers via a crafted X.509 certificate.
Yassl Cyassl 0.6.2
Yassl Cyassl 0.6.3
Yassl Cyassl 1.0.0
Yassl Cyassl 1.0.2
Yassl Cyassl 1.5.0
Yassl Cyassl 1.5.4
Yassl Cyassl 2.0.0
Yassl Cyassl
Yassl Cyassl 2.8.0
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.9.6
Yassl Cyassl 0.9.8
Yassl Cyassl 0.9.9
Yassl Cyassl 1.1.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.6.5
Yassl Cyassl 1.8.0
Yassl Cyassl 2.2.0
Yassl Cyassl 2.3.0
Yassl Cyassl 2.5.0
Yassl Cyassl 0.5.5
5
CVSSv2
CVE-2014-2899
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.9.6
Yassl Cyassl 0.9.8
Yassl Cyassl 0.9.9
Yassl Cyassl 1.1.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.6.5
Yassl Cyassl 1.8.0
Yassl Cyassl 2.2.0
Yassl Cyassl 2.3.0
Yassl Cyassl 2.5.0
Yassl Cyassl 0.5.5
Yassl Cyassl 0.6.0
Yassl Cyassl 1.0.0
Yassl Cyassl 1.3.0
Yassl Cyassl 1.4.0
Yassl Cyassl 1.9.0
Yassl Cyassl 2.0.0
Yassl Cyassl 2.4.0
Yassl Cyassl 2.4.6
Yassl Cyassl 0.2.0
4.3
CVSSv2
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL prior to 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and p...
Yassl Cyassl 2.0.0
Yassl Cyassl 1.6.0
Yassl Cyassl 0.3.0
Yassl Cyassl 0.8.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.0.3
Yassl Cyassl 0.9.0
Yassl Cyassl 0.9.6
Yassl Cyassl 2.3.0
Yassl Cyassl 2.4.0
Yassl Cyassl 1.5.6
Yassl Cyassl 1.8.0
Yassl Cyassl 0.6.3
Yassl Cyassl 0.6.2
Yassl Cyassl 1.0.6
Yassl Cyassl 1.5.0
Yassl Cyassl 1.5.4
Yassl Cyassl 1.0.0
Yassl Cyassl 1.0.2
Yassl Cyassl
Yassl Cyassl 1.9.0
Yassl Cyassl 0.5.0
4
CVSSv2
CVE-2016-0502
Unspecified vulnerability in Oracle MySQL 5.5.31 and previous versions and 5.6.11 and previous versions allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Oracle Mysql
Mariadb Mariadb
1 Github repository
4.3
CVSSv2
CVE-2016-0594
Unspecified vulnerability in Oracle MySQL 5.6.21 and previous versions allows remote authenticated users to affect availability via vectors related to DML.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Oracle Mysql
3.5
CVSSv2
CVE-2016-0599
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Oracle Mysql 5.7.9