47 matches found

Veracode
added 2021/02/17 6:9 p.m. | 32 views

Authorization Bypass

OpenSSL is vulnerable to authorization bypass. The vulnerability exists when a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions; in that case a check is made for a version rollback attack when unpadding an RSA signature. Clients...

CVSS 3.7 | AI score 3.2 | EPSS 0.02985
Exploits 0 | References 15 | Affected Software 1

OpenVAS
added 2021/02/17 12:0 a.m. | 23 views

OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Windows

OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is fr...

CVSS 4.3 | AI score 5.7 | EPSS 0.02985
Exploits 0 | References 1

Prion
added 2021/02/16 5:15 p.m. | 21 views

Design/Logic Flaw

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

CVSS 4.3 | AI score 5.4 | EPSS 0.02985
Exploits 0 | References 9 | Affected Software 8

CVE
added 2021/02/16 4:55 p.m. | 293 views

CVE-2021-23839

CVE-2021-23839 describes a padding-check logic error in OpenSSL 1.0.2 (affecting 1.0.2s–1.0.2x) where RSA_padding_check_SSLv23() mis-handles SSLv2 rollback protection. The bug causes a server configured for SSLv2 in combination with newer TLS versions to accept connections when a version-rollback...

CVSS 4.3 | AI score 5.5 | EPSS 0.02985
Exploits 0 | References 10 | Affected Software 1

AlpineLinux
added 2021/02/16 4:55 p.m. | 51 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

CVSS 4.3 | AI score 5.7 | EPSS 0.02985
Exploits 0

OpenSSL
added 2021/02/16 12:0 a.m. | 78 views

Vulnerability in OpenSSL - Incorrect SSLv2 rollback protection

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

AI score 5.6 | EPSS 0.02985
Exploits 0 | Affected Software 1

OSV
added 2005/11/07 12:0 a.m. | 10 views

DSA-888-1 openssl - cryptographic weakness

Bulletin has no description...

CVSS 5 | AI score 5.5 | EPSS 0.04866
Exploits 0