Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2016-10931
An issue exists in the openssl crate prior to 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
Rust-openssl Project Rust-openssl
1 Github repository
8.1
CVSSv3
CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Haxx Curl
8.1
CVSSv3
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
7.8
CVSSv3
CVE-2023-41840
A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an malicious user to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path.
Fortinet Forticlient 7.2.0
Fortinet Forticlient 7.2.1
Fortinet Forticlient 7.0.9
7.8
CVSSv3
CVE-2023-4807
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an a...
Openssl Openssl
7.8
CVSSv3
CVE-2023-28133
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
Checkpoint Endpoint Security E87.30
7.8
CVSSv3
CVE-2022-41141
This vulnerability allows local malicious users to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
Windscribe Windscribe 2.3.16
7.8
CVSSv3
CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1.
Mozilla Vpn
7.8
CVSSv3
CVE-2022-34900
This vulnerability allows local malicious users to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The spec...
Parallels Parallels Access 6.5.4 \\(39313\\)
7.8
CVSSv3
CVE-2022-25153
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf l...
Itarian Endpoint Manager Communication Client
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »