Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssl openssl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1672
OpenSSL 0.9.8f and 0.9.8g allows remote malicious users to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
Openssl Openssl 0.9.8f
Openssl Openssl 0.9.8g
Canonical Ubuntu Linux 8.04
NA
CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote malicious users to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different inte...
Openpkg Openpkg 1.2
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.6i
Openssl Openssl 0.9.7
Stunnel Stunnel 3.15
Stunnel Stunnel 3.16
Stunnel Stunnel 3.7
Stunnel Stunnel 3.8
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.6d
Stunnel Stunnel 3.11
Stunnel Stunnel 3.12
Stunnel Stunnel 3.19
Stunnel Stunnel 3.20
Stunnel Stunnel 4.01
Stunnel Stunnel 4.02
Openpkg Openpkg
Openpkg Openpkg 1.1
Openssl Openssl 0.9.6e
Openssl Openssl 0.9.6g
Stunnel Stunnel 3.13
5.3
CVSSv3
CVE-2023-5678
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications...
Openssl Openssl
1 Github repository
7.8
CVSSv3
CVE-2023-4807
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an a...
Openssl Openssl
7.5
CVSSv3
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers...
Openssl Openssl
NA
CVE-1999-0428
OpenSSL and SSLeay allow remote malicious users to reuse SSL sessions and bypass access controls.
Openssl Openssl
NA
CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and previous versions 0.9.8 versions allows remote malicious users to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka &q...
Openssl Openssl
NA
CVE-2007-3108
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and previous versions does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Openssl Openssl
7.5
CVSSv3
CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted so...
Openssl Openssl
7.5
CVSSv3
CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers e...
Openssl Openssl
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »