Skip to main content

OpenSSL

436 CVEs product

Monthly

CVE-2023-5678 MEDIUM PATCH This Month

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service OpenSSL
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46724 HIGH PATCH This Week

Squid is a caching proxy for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

OpenSSL Buffer Overflow Information Disclosure Denial Of Service Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2023-5363 HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux H300s Firmware H410s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2023-5422 CRITICAL Act Now

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Otrs
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-4807 HIGH PATCH This Week

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

OpenSSL Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-39441 PyPI MEDIUM PATCH This Month

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache OpenSSL Information Disclosure Airflow Apache Airflow Providers Imap +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-3817 MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2023-28133 HIGH This Week

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Checkpoint Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2023-3446 MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
5.5%
CVE-2023-2975 MEDIUM PATCH This Month

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-30586 HIGH This Week

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Node.js OpenSSL Authentication Bypass Node Js
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-35784 CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl Openbsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2650 MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service Debian Linux
NVD
CVSS 3.1
6.5
EPSS
75.1%
CVE-2023-1255 MEDIUM PATCH This Month

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure OpenSSL
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-0466 MEDIUM PATCH This Month

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-0465 MEDIUM PATCH This Month

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-0464 HIGH PATCH This Week

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2023-26490 HIGH POC This Week

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Command Injection Docker Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-23919 HIGH POC PATCH This Week

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js OpenSSL Denial Of Service Node Js
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-0401 Cargo HIGH PATCH This Week

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0286 LIB HIGH PATCH This Week

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption OpenSSL Denial Of Service Stormshield Management Center Stormshield Network Security
NVD
CVSS 3.1
7.4
EPSS
59.5%
CVE-2023-0217 Cargo HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Null Pointer Dereference
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0216 Cargo HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0215 Cargo HIGH PATCH This Week

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free OpenSSL Denial Of Service Memory Corruption Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2022-0517 HIGH This Week

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mozilla File Upload OpenSSL Vpn
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3996 Cargo HIGH PATCH This Week

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service OpenSSL
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3786 Cargo HIGH POC PATCH THREAT Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Denial Of Service Buffer Overflow OpenSSL Fedora Node Js
NVD VulDB
CVSS 3.1
7.5
EPSS
20.6%
CVE-2022-3602 Cargo HIGH PATCH Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2%.

RCE Denial Of Service OpenSSL Buffer Overflow Memory Corruption +3
NVD VulDB
CVSS 3.1
7.5
EPSS
83.2%
Threat
4.0
CVE-2022-3358 Cargo HIGH POC PATCH This Week

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-34900 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Parallels Access
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32223 HIGH PATCH This Week

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft OpenSSL Node.js Information Disclosure Node Js
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2022-32222 MEDIUM POC This Month

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Node.js Information Disclosure Node Js Sinec Ins
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-2097 Cargo MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora Active Iq Unified Manager Clustered Data Ontap Antivirus Connector +7
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-2274 Cargo CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL Buffer Overflow Snapcenter +5
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
CVE-2022-31085 MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP OpenSSL Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-32253 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-25153 HIGH This Week

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Endpoint Manager Communication Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29242 HIGH PATCH This Week

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

OpenSSL Buffer Overflow Gost Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-1473 Cargo HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-1434 Cargo MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-1343 Cargo MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-28198 MEDIUM This Month

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia OpenSSL Omniverse Cache Omniverse Nucleus
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29505 HIGH This Week

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft OpenSSL Line
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-0778 Cargo HIGH POC PATCH CISA Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux Cloud Volumes Ontap Mediator Clustered Data Ontap +9
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
7.8%
Threat
5.2
CVE-2022-25219 HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-25218 HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-21656 MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass OpenSSL Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-44273 HIGH POC PATCH This Week

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

OpenSSL Information Disclosure E2Guardian
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2021-4044 Cargo HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup E Series Performance Analyzer Ontap Select Deploy Administration Utility +12
NVD
CVSS 3.1
7.5
EPSS
50.1%
CVE-2021-32592 HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-41079 Maven HIGH PATCH This Week

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache OpenSSL Denial Of Service Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2021-34581 HIGH This Week

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure 750 880 040 000 Firmware 750 880 025 002 Firmware 750 880 025 001 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-3712 Cargo HIGH PATCH CISA GHSA Act Now

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow OpenSSL
NVD VulDB
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-25699 HIGH This Week

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25698 HIGH This Week

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-3613 HIGH This Week

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE OpenSSL Connect
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-3606 HIGH This Week

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft OpenSSL RCE Openvpn
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21999 HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL VMware App Volumes +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-3423 HIGH This Week

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Gravityzone Business Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32489 MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow OpenSSL Yubihsm Shell
NVD
CVSS 3.1
4.4
EPSS
0.9%
CVE-2021-3446 MEDIUM PATCH This Month

A flaw was found in libtpms in versions before 0.8.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

OpenSSL Information Disclosure Libtpms Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-23841 Cargo MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-23840 Cargo HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service Debian Linux Log Correlation Engine +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-23839 LOW PATCH Monitor

OpenSSL 1.0.2 supports SSLv2. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Business Intelligence Enterprise Manager For Storage Management Enterprise Manager Ops Center +4
NVD
CVSS 3.1
3.7
EPSS
3.0%
CVE-2021-26530 CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow OpenSSL Memory Corruption Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-10143 HIGH This Week

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass Reflect
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-5992 HIGH PATCH This Week

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE OpenSSL Nvidia Microsoft Geforce Now
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10139 HIGH This Week

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass True Image
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10138 HIGH This Week

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft Authentication Bypass Cyber Backup +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-25644 Maven HIGH PATCH This Week

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Wildfly Openssl Data Grid Jboss Data Grid +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-1968 LOW PATCH Monitor

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux Debian Linux Jd Edwards World Security +11
NVD
CVSS 3.1
3.7
EPSS
1.0%
CVE-2020-24714 PyPI CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Scalyr Agent
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-8224 HIGH POC This Week

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection OpenSSL Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-13962 HIGH POC PATCH This Week

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Mumble Qt Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-13417 CRITICAL POC Act Now

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure OpenSSL Microsoft Apple Controller +2
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-1967 Cargo HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL Debian Linux Freebsd +23
NVD GitHub
CVSS 3.1
7.5
EPSS
53.3%
CVE-2020-11876 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7224 CRITICAL Act Now

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Microsoft Authentication Bypass Apple Openvpn
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-9434 CRITICAL PATCH Act Now

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9433 CRITICAL PATCH Act Now

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-9432 CRITICAL PATCH Act Now

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-7043 CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-7042 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service OpenSSL
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Squid is a caching proxy for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

OpenSSL Buffer Overflow Information Disclosure +2
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux +5
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Otrs
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

OpenSSL Denial Of Service Microsoft
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache OpenSSL Information Disclosure +3
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Checkpoint +1
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Management Services For Element Software And Netapp Hci +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Node.js OpenSSL +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl +1
NVD GitHub
EPSS 75% CVSS 6.5
MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure OpenSSL
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Command Injection Docker +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js OpenSSL Denial Of Service +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference +1
NVD
EPSS 60% CVSS 7.4
HIGH PATCH This Week

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption OpenSSL Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Null Pointer Dereference
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free OpenSSL Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Mozilla File Upload +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service OpenSSL
NVD GitHub
EPSS 21% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Denial Of Service Buffer Overflow OpenSSL +2
NVD VulDB
EPSS 83% 4.0 CVSS 7.5
HIGH PATCH Act Now

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2%.

RCE Denial Of Service OpenSSL +5
NVD VulDB
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Parallels Access
NVD
EPSS 2% CVSS 7.3
HIGH PATCH This Week

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft OpenSSL Node.js +2
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Node.js Information Disclosure +2
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora +9
NVD
EPSS 45% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL +7
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP OpenSSL Information Disclosure +2
NVD GitHub
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Sinema Remote Connect Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Endpoint Manager Communication Client
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

OpenSSL Buffer Overflow Gost Engine
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Active Iq Unified Manager +24
NVD
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia OpenSSL +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft OpenSSL +1
NVD
EPSS 8% 5.2 CVSS 7.5
HIGH POC PATCH Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux +11
NVD GitHub VulDB
EPSS 1% CVSS 8.4
HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure +5
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure +5
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Envoy is an open source edge and service proxy, designed for cloud-native applications. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass OpenSSL Envoy
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

OpenSSL Information Disclosure E2Guardian
NVD GitHub
EPSS 50% CVSS 7.5
HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Forticlient +1
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache OpenSSL +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure 750 880 040 000 Firmware +8
NVD
EPSS 0% CVSS 7.4
HIGH PATCH Act Now

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Standard Agent
NVD
EPSS 1% CVSS 7.8
HIGH This Week

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE OpenSSL Connect
NVD
EPSS 0% CVSS 7.8
HIGH This Week

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft OpenSSL RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft OpenSSL +4
NVD
EPSS 60% CVSS 8.1
HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption +27
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Gravityzone Business Security
NVD
EPSS 1% CVSS 4.4
MEDIUM POC This Month

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow OpenSSL +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in libtpms in versions before 0.8.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

OpenSSL Information Disclosure Libtpms +2
NVD
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service +20
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

OpenSSL 1.0.2 supports SSLv2. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Business Intelligence +6
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow OpenSSL Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft +2
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE OpenSSL Nvidia +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Microsoft +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Wildfly Openssl +9
NVD GitHub
EPSS 1% CVSS 3.7
LOW PATCH Monitor

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux +13
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Scalyr Agent
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Mumble +3
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure OpenSSL Microsoft +4
NVD
EPSS 53% CVSS 7.5
HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL +25
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Microsoft Authentication Bypass +2
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Lua Openssl
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy