273 matches found
OPENSUSE-SU-2022:10247-1 Security update for mbedtls
This update for mbedtls fixes the following issues: - CVE-2022-35409: Fixed buffer overread in DTLS ClientHello parsing (boo#1201581)...
ALPINE-CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
Heap overflow
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
UBUNTU-CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
Security Bulletin: Vulnerabilities in OpenSSL including ClientHello DoS affect Multiple N series Products
Summary: OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. This includes OpenSSL ClientHello sigalgs DoS (CVE-2015-0291). OpenSSL is used by Multiple N series Products. Multiple N series Products have addressed the applicable CVEs. Vulnerability Details: CVEID:...
OpenSSL: OCSP Stapling Vulnerability (20110208) - Linux
OpenSSL is prone to an OCSP stapling vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2021-1960)
According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2...
NULL pointer deref in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2021:0476-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Oracle Linux 8 : openssl (ELSA-2021-1024)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1024 advisory. - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT. Tenable has extracted the preceding description block directly from the...
Tenable.sc 5.16.0 / 5.17.0 OpenSSL DoS (TNS-2021-06)
According to its self-reported version, the Tenable.sc application installed on the remote host is version 5.16.0 or 5.17.0 and affected by the following OpenSSL denial of service vulnerability: - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from...
Exploit for NULL Pointer Dereference in Openssl
CVE-2021-3449 OpenSSL This issue was reported to OpenSSL on 1...
OpenSSL: DoS Vulnerability (CVE-2021-3449) - Linux
OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
Denial Of Service (DoS)
openssl is vulnerable to denial of service. A NULL pointer dereference occurs when parsing a malicious renegotiation ClientHello message. This allows an attacker to remotely crash the application...
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
ALPINE-CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
USN-4891-1 openssl vulnerability
It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service...
CVE-2021-3449 NULL pointer deref in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...