Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
botan project vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-9860
An issue exists in Botan 1.11.32 up to and including 2.x prior to 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The...
Botan Project Botan
7.5
CVSSv3
CVE-2016-6879
The X509_Certificate::allowed_usage function in botan 1.11.x prior to 1.11.31 might allow malicious users to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
Botan Project Botan 1.11.12
Botan Project Botan 1.11.13
Botan Project Botan 1.11.14
Botan Project Botan 1.11.15
Botan Project Botan 1.11.16
Botan Project Botan 1.11.29
Botan Project Botan 1.11.30
Botan Project Botan 1.11.4
Botan Project Botan 1.11.5
Botan Project Botan 1.11.6
Botan Project Botan 1.11.7
Botan Project Botan 1.11.21
Botan Project Botan 1.11.22
Botan Project Botan 1.11.23
Botan Project Botan 1.11.24
Botan Project Botan 1.11.1
Botan Project Botan 1.11.3
Botan Project Botan 1.11.8
Botan Project Botan 1.11.10
Botan Project Botan 1.11.17
Botan Project Botan 1.11.19
Botan Project Botan 1.11.26
7.5
CVSSv3
CVE-2015-7824
botan 1.11.x prior to 1.11.22 makes it easier for remote malicious users to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
Botan Project Botan
7.5
CVSSv3
CVE-2015-7825
botan prior to 1.11.22 improperly validates certificate paths, which allows remote malicious users to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
Botan Project Botan
7.5
CVSSv3
CVE-2015-5727
The BER decoder in Botan 1.10.x prior to 1.10.10 and 1.11.x prior to 1.11.19 allows remote malicious users to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
Botan Project Botan 1.11.16
Botan Project Botan 1.11.14
Botan Project Botan 1.11.7
Botan Project Botan 1.11.5
Botan Project Botan 1.11.0
Botan Project Botan 1.10.8
Botan Project Botan 1.10.1
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.10.6
Botan Project Botan 1.10.5
Botan Project Botan 1.10.4
Botan Project Botan 1.10.3
Botan Project Botan 1.11.18
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.17
7.5
CVSSv3
CVE-2014-9742
The Miller-Rabin primality check in Botan prior to 1.10.8 and 1.11.x prior to 1.11.9 improperly uses a single random base, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms via a DH group.
Botan Project Botan 1.11.7
Botan Project Botan 1.11.0
Botan Project Botan 1.11.5
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.2
Botan Project Botan 1.11.8
Botan Project Botan 1.11.6
Botan Project Botan 1.11.1
Botan Project Botan
7.5
CVSSv3
CVE-2016-2194
The ressol function in Botan prior to 1.10.11 and 1.11.x prior to 1.11.27 allows remote malicious users to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
Debian Debian Linux 8.0
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.15
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
Botan Project Botan 1.11.26
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.25
7.5
CVSSv3
CVE-2016-2849
Botan prior to 1.10.13 and 1.11.x prior to 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote malicious users to obtain ECDSA secret keys via a timing side-channel attack.
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Botan Project Botan 1.11.22
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.12
Botan Project Botan 1.11.5
Botan Project Botan 1.11.4
Botan Project Botan 1.11.26
Botan Project Botan 1.11.25
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.27
Botan Project Botan 1.11.20
Botan Project Botan 1.11.19
Botan Project Botan 1.11.11
7.5
CVSSv3
CVE-2016-2850
Botan 1.11.x prior to 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote malicious users to conduct downgrade attacks via unspecified vectors.
Fedoraproject Fedora 24
Botan Project Botan 1.11.25
Botan Project Botan 1.11.24
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.15
Botan Project Botan 1.11.8
Botan Project Botan 1.11.7
Botan Project Botan 1.11.0
Botan Project Botan 1.11.28
Botan Project Botan 1.11.21
Botan Project Botan 1.11.20
Botan Project Botan 1.11.12
Botan Project Botan 1.11.11
Botan Project Botan 1.11.4
Botan Project Botan 1.11.3
Botan Project Botan 1.11.23
Botan Project Botan 1.11.22
Botan Project Botan 1.11.14
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.5
7.5
CVSSv3
CVE-2015-7827
Botan prior to 1.10.13 and 1.11.x prior to 1.11.22 make it easier for remote malicious users to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
Fedoraproject Fedora 24
Botan Project Botan 1.11.20
Botan Project Botan 1.11.15
Botan Project Botan 1.11.13
Botan Project Botan 1.11.6
Botan Project Botan 1.11.4
Botan Project Botan 1.11.11
Botan Project Botan 1.11.10
Botan Project Botan 1.11.9
Botan Project Botan 1.11.8
Botan Project Botan 1.11.19
Botan Project Botan 1.11.18
Botan Project Botan 1.11.17
Botan Project Botan 1.11.16
Botan Project Botan 1.11.2
Botan Project Botan 1.11.1
Botan Project Botan 1.11.0
Botan Project Botan
Botan Project Botan 1.11.21
Botan Project Botan 1.11.14
Botan Project Botan 1.11.12
Botan Project Botan 1.11.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »