Vulmon
wolfssl wolfssl vulnerabilities and exploits
NA
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” e...
2 Github repositories
NA
CVE-2023-6936
In wolfSSL before 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
2 Github repositories
NA
CVE-2023-6937
wolfSSL before 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencr...
2 Github repositories
NA
CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
NA
CVE-2014-2900
wolfSSL CyaSSL prior to 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle malicious users to spoof servers via crafted X.509 certificate.
Yassl Cyassl 0.6.2
Yassl Cyassl 0.6.3
Yassl Cyassl 1.0.0
Yassl Cyassl 1.0.2
Yassl Cyassl 1.5.0
Yassl Cyassl 1.5.4
Yassl Cyassl 2.0.0
Yassl Cyassl
Yassl Cyassl 2.8.0
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.9.6
Yassl Cyassl 0.9.8
Yassl Cyassl 0.9.9
Yassl Cyassl 1.1.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.6.5
Yassl Cyassl 1.8.0
Yassl Cyassl 2.2.0
Yassl Cyassl 2.3.0
Yassl Cyassl 2.5.0
Yassl Cyassl 0.5.5
NA
CVE-2014-2899
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.9.6
Yassl Cyassl 0.9.8
Yassl Cyassl 0.9.9
Yassl Cyassl 1.1.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.6.5
Yassl Cyassl 1.8.0
Yassl Cyassl 2.2.0
Yassl Cyassl 2.3.0
Yassl Cyassl 2.5.0
Yassl Cyassl 0.5.5
Yassl Cyassl 0.6.0
Yassl Cyassl 1.0.0
Yassl Cyassl 1.3.0
Yassl Cyassl 1.4.0
Yassl Cyassl 1.9.0
Yassl Cyassl 2.0.0
Yassl Cyassl 2.4.0
Yassl Cyassl 2.4.6
Yassl Cyassl 0.2.0
NA
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL prior to 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and p...
Yassl Cyassl 2.0.0
Yassl Cyassl 1.6.0
Yassl Cyassl 0.3.0
Yassl Cyassl 0.8.0
Yassl Cyassl 1.2.0
Yassl Cyassl 1.0.3
Yassl Cyassl 0.9.0
Yassl Cyassl 0.9.6
Yassl Cyassl 2.3.0
Yassl Cyassl 2.4.0
Yassl Cyassl 1.5.6
Yassl Cyassl 1.8.0
Yassl Cyassl 0.6.3
Yassl Cyassl 0.6.2
Yassl Cyassl 1.0.6
Yassl Cyassl 1.5.0
Yassl Cyassl 1.5.4
Yassl Cyassl 1.0.0
Yassl Cyassl 1.0.2
Yassl Cyassl
Yassl Cyassl 1.9.0
Yassl Cyassl 0.5.0
NA
CVE-2015-4905
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and previous versions allows remote authenticated users to affect availability via vectors related to Server : DML.
Oracle Mysql
NA
CVE-2016-0599
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Oracle Mysql 5.7.9
NA
CVE-2016-0601
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition.
Oracle Mysql 5.7.9