wolfssl vulnerabilities and exploits
NA
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following configure options: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” e...
2 Github repositories
NA
CVE-2023-6936
In wolfSSL before 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
2 Github repositories
NA
CVE-2023-6937
wolfSSL before 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencr...
2 Github repositories
NA
CVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
516
VMScore
CVE-2014-2900
wolfSSL CyaSSL prior to 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via a crafted X.509 certificate.
Yassl Cyassl
Yassl Cyassl 2.0.6
Yassl Cyassl 2.0.2
Yassl Cyassl 1.1.0
Yassl Cyassl 1.6.0
Yassl Cyassl 2.3.0
Yassl Cyassl 1.0.0
Yassl Cyassl 1.5.6
Yassl Cyassl 1.2.0
Yassl Cyassl 0.5.5
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.8.0
Yassl Cyassl 0.9.9
Yassl Cyassl 2.0.0
Yassl Cyassl 2.6.0
Yassl Cyassl 1.8.0
Yassl Cyassl 0.3.0
Yassl Cyassl 2.0.8
Yassl Cyassl 1.0.3
Yassl Cyassl 2.4.6
Yassl Cyassl 1.5.4
445
VMScore
CVE-2014-2899
wolfSSL CyaSSL prior to 2.9.4 allows remote malicious users to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
Yassl Cyassl
Yassl Cyassl 2.0.6
Yassl Cyassl 2.0.2
Yassl Cyassl 1.1.0
Yassl Cyassl 1.6.0
Yassl Cyassl 2.3.0
Yassl Cyassl 1.0.0
Yassl Cyassl 1.5.6
Yassl Cyassl 1.2.0
Yassl Cyassl 0.5.5
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.8.0
Yassl Cyassl 0.9.9
Yassl Cyassl 2.0.0
Yassl Cyassl 2.6.0
Yassl Cyassl 1.8.0
Yassl Cyassl 0.3.0
Yassl Cyassl 2.0.8
Yassl Cyassl 1.0.3
Yassl Cyassl 2.4.6
Yassl Cyassl 1.5.4
383
VMScore
CVE-2013-1623
The TLS and DTLS implementations in wolfSSL CyaSSL prior to 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and p...
Yassl Cyassl 2.0.6
Yassl Cyassl 2.0.2
Yassl Cyassl 1.1.0
Yassl Cyassl 1.6.0
Yassl Cyassl 2.3.0
Yassl Cyassl 1.0.0
Yassl Cyassl 1.5.6
Yassl Cyassl 1.2.0
Yassl Cyassl 0.5.5
Yassl Cyassl 0.4.0
Yassl Cyassl 0.5.0
Yassl Cyassl 0.8.0
Yassl Cyassl 0.9.9
Yassl Cyassl 2.0.0
Yassl Cyassl 1.8.0
Yassl Cyassl 0.3.0
Yassl Cyassl 2.0.8
Yassl Cyassl 1.0.3
Yassl Cyassl 1.5.4
Yassl Cyassl 0.9.0
Yassl Cyassl 0.2.0
Yassl Cyassl 0.9.6
312
VMScore
CVE-2016-0599
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Oracle Mysql 5.7.9
312
VMScore
CVE-2016-0601
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition.
Oracle Mysql 5.7.9
356
VMScore
CVE-2015-4905
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and previous versions allows remote authenticated users to affect availability via vectors related to Server : DML.
Oracle Mysql