Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2015-7036
The fts3_tokenizer function in SQLite, as used in Apple iOS prior to 8.4 and OS X prior to 10.10.4, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in...
Apple Mac Os X
Apple Iphone Os
1 Article
668
VMScore
CVE-2014-3512
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 prior to 1.0.1i allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter...
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1e
Openssl Openssl 1.0.1f
Openssl Openssl 1.0.0l
Openssl Openssl 1.0.0a
Openssl Openssl 1.0.0b
668
VMScore
CVE-2013-7373
Android prior to 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for malicious users to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Google Android 1.0
Google Android 1.1
Google Android 1.5
Google Android 1.6
Google Android 2.3.4
Google Android 2.3.5
Google Android 2.3.6
Google Android 2.3.7
Google Android 4.1.2
Google Android 4.2
Google Android 4.2.1
Google Android 4.2.2
Google Android 2.0
Google Android 2.1
Google Android 2.3
Google Android 2.3.2
Google Android 3.1
Google Android 3.2.1
Google Android 4.0.1
Google Android 4.0.3
Google Android 4.1
Google Android 4.3
668
VMScore
CVE-2013-1655
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, when running Ruby 1.9.3 or later, allows remote malicious users to execute arbitrary code via vectors related to "serialized attributes."
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.2
Puppet Puppet 2.7.13
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet Enterprise 3.1.0
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.14
Puppet Puppet 2.7.12
668
VMScore
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 up to and including 4.6.3 allows remote malicious users to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Strongswan Strongswan 4.2.16
Strongswan Strongswan 4.2.9
Strongswan Strongswan 4.2.6
Strongswan Strongswan 4.2.15
Strongswan Strongswan 4.2.1
Strongswan Strongswan 4.3.2
Strongswan Strongswan 4.6.0
Strongswan Strongswan 4.6.1
Strongswan Strongswan 4.4.1
Strongswan Strongswan 4.2.11
Strongswan Strongswan 4.2.10
Strongswan Strongswan 4.2.5
Strongswan Strongswan 4.2.0
Strongswan Strongswan 4.3.5
Strongswan Strongswan 4.4.0
Strongswan Strongswan 4.5.1
Strongswan Strongswan 4.5.0
Strongswan Strongswan 4.2.13
Strongswan Strongswan 4.2.12
Strongswan Strongswan 4.2.3
Strongswan Strongswan 4.2.4
Strongswan Strongswan 4.3.4
668
VMScore
CVE-2012-0036
curl and libcurl 7.2x prior to 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote malicious users to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) P...
Curl Curl 7.21.1
Curl Curl 7.21.2
Curl Curl 7.23.0
Curl Curl 7.23.1
Curl Curl 7.20.1
Curl Curl 7.21.0
Curl Curl 7.21.7
Curl Curl 7.22.0
Curl Curl 7.21.3
Curl Curl 7.21.4
Curl Curl 7.20.0
Curl Curl 7.21.5
Curl Curl 7.21.6
Curl Libcurl 7.21.3
Curl Libcurl 7.21.4
Curl Libcurl 7.21.1
Curl Libcurl 7.21.2
Curl Libcurl 7.23.1
Curl Libcurl 7.20.0
Curl Libcurl 7.21.5
Curl Libcurl 7.21.6
Curl Libcurl 7.21.7
668
VMScore
CVE-2010-4252
OpenSSL prior to 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote malicious users to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each ro...
Openssl Openssl 0.9.7
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.7l
Openssl Openssl 0.9.6i
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.3
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.7c
Openssl Openssl 1.0.0
Openssl Openssl 0.9.5
Openssl Openssl 0.9.8n
Openssl Openssl
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.6
Openssl Openssl 0.9.7j
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.4
Openssl Openssl 0.9.8g
668
VMScore
CVE-2010-1378
OpenSSL in Apple Mac OS X 10.6.x prior to 10.6.5 does not properly perform arithmetic, which allows remote malicious users to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
Apple Mac Os X Server
Apple Mac Os X
668
VMScore
CVE-2010-0742
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL prior to 0.9.8o and 1.x prior to 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent malicious users to modify invalid memory locations or ...
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6i
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.7
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.8l
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.7i
Openssl Openssl 0.9.7f
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.5
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6g
Openssl Openssl 0.9.6f
Openssl Openssl 0.9.3
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.7a
Openssl Openssl 0.9.7c
Openssl Openssl 0.9.7h
Openssl Openssl 0.9.7k
668
VMScore
CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 up to and including 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoo...
Curl Libcurl 7.4
Curl Libcurl 7.4.1
Curl Libcurl 7.7
Curl Libcurl 7.7.1
Curl Libcurl 7.7.2
Curl Libcurl 7.9.3
Curl Libcurl 7.9.5
Curl Libcurl 7.10.3
Curl Libcurl 7.10.4
Curl Libcurl 7.12.0
Curl Libcurl 7.17.0
Curl Libcurl 7.19.2
Curl Libcurl 7.19.3
Curl Libcurl 7.13.1
Curl Libcurl 7.12.3
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.14
Curl Libcurl 7.15.3
Libcurl Libcurl 7.13
Curl Libcurl 7.4.2
Curl Libcurl 7.5
Curl Libcurl 7.7.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »