Vulmon
axtls vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-8981
tls1.c in Cameron Hamilton-Rich axTLS prior to 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
Axtls Project Axtls
5.9
CVSSv3
CVE-2018-16150
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation...
Axtls Project Axtls
5.9
CVSSv3
CVE-2018-16253
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation thro...
Axtls Project Axtls
7.5
CVSSv3
CVE-2019-10013
The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS up to and including 2.1.5 has a Buffer Overflow that allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, be...
Axtls Project Axtls
7.5
CVSSv3
CVE-2019-9689
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS up to and including 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.
Axtls Project Axtls
5.9
CVSSv3
CVE-2018-16149
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures...
Axtls Project Axtls
5.3
CVSSv3
CVE-2017-1000416
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.
Axtls Project Axtls 1.5.3
5.5
CVSSv3
CVE-2023-33613
axTLS v2.1.5 contains a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) when parsing a private key.
Axtls Project Axtls 2.1.5
NA
CVE-2014-0139
cURL and libcurl 7.1 prior to 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle malicious users to spoof arbitrary SSL...
Haxx Curl 7.12.0
Haxx Curl 7.12.1
Haxx Curl 7.15.0
Haxx Curl 7.15.1
Haxx Curl 7.16.2
Haxx Curl 7.16.3
Haxx Curl 7.19.0
Haxx Curl 7.19.1
Haxx Curl 7.20.1
Haxx Curl 7.21.0
Haxx Curl 7.21.7
Haxx Curl 7.22.0
Haxx Curl 7.28.0
Haxx Curl 7.28.1
Haxx Libcurl 7.10.7
Haxx Curl 7.10.8
Haxx Curl 7.11.0
Haxx Curl 7.13.0
Haxx Curl 7.13.1
Haxx Curl 7.13.2
Haxx Curl 7.15.4
Haxx Curl 7.15.5