Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1672
OpenSSL 0.9.8f and 0.9.8g allows remote malicious users to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8f
Canonical Ubuntu Linux 8.04
NA
CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote malicious users to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different inte...
Stunnel Stunnel 4.02
Openssl Openssl 0.9.6i
Stunnel Stunnel 3.7
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6a
Stunnel Stunnel 3.14
Stunnel Stunnel 3.22
Stunnel Stunnel 3.18
Stunnel Stunnel 3.20
Stunnel Stunnel 4.04
Stunnel Stunnel 3.15
Openpkg Openpkg 1.1
Stunnel Stunnel 3.11
Stunnel Stunnel 3.8
Stunnel Stunnel 3.21
Openssl Openssl 0.9.6e
Openssl Openssl 0.9.7
Openssl Openssl 0.9.6b
Stunnel Stunnel 3.13
Openssl Openssl 0.9.6g
Stunnel Stunnel 3.17
NA
CVE-2002-0655
OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow malicious users to cause a denial of service and possibly execute arbitrary code.
Oracle Http Server 9.0.1
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.2
Openssl Openssl 0.9.3
Openssl Openssl 0.9.7
Oracle Application Server
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.4
Oracle Http Server 9.2.0
Openssl Openssl 0.9.5a
Oracle Corporate Time Outlook Connector 3.3
Openssl Openssl 0.9.6b
Oracle Application Server 1.0.2.1s
Openssl Openssl 0.9.6c
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.5
Oracle Application Server 1.0.2
NA
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allows remote malicious users to cause a denial of service via invalid encodings.
Oracle Http Server 9.0.1
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.2
Openssl Openssl 0.9.3
Openssl Openssl 0.9.7
Oracle Application Server
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.4
Oracle Http Server 9.2.0
Openssl Openssl 0.9.5a
Oracle Corporate Time Outlook Connector 3.3
Openssl Openssl 0.9.6b
Oracle Application Server 1.0.2.1s
Openssl Openssl 0.9.6c
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.5
Oracle Application Server 1.0.2
1 EDB exploit
NA
CVE-2002-0656
Buffer overflows in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allow remote malicious users to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
Oracle Http Server 9.0.1
Oracle Corporate Time Outlook Connector 3.1
Oracle Corporate Time Outlook Connector 3.1.2
Openssl Openssl 0.9.3
Openssl Openssl 0.9.7
Oracle Application Server
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.4
Oracle Http Server 9.2.0
Openssl Openssl 0.9.5a
Oracle Corporate Time Outlook Connector 3.3
Openssl Openssl 0.9.6b
Oracle Application Server 1.0.2.1s
Openssl Openssl 0.9.6c
Oracle Application Server 1.0.2.2
Oracle Corporate Time Outlook Connector 3.1.1
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.5
Oracle Application Server 1.0.2
1 EDB exploit
7.5
CVSSv3
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy process...
Openssl Openssl
1 Github repository
5.3
CVSSv3
CVE-2023-5678
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications...
Openssl Openssl
1 Github repository
7.5
CVSSv3
CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted so...
Openssl Openssl
7.4
CVSSv3
CVE-2019-1543
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 byt...
Openssl Openssl
14 Github repositories
5.3
CVSSv3
CVE-2019-1549
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in ...
Openssl Openssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »