
1492 matches found

Cvelist
added 2024/03/27 7:56 a.m. | 25 views

CVE-2024-2379 QUIC certificate check bypass with wolfSSL

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

AI score 6.6 | EPSS 0.01709
Exploits 1 | References 11
Debian CVE
added 2024/03/27 7:56 a.m. | 54 views

CVE-2024-2379

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

CVSS 6.3 | AI score 6.2 | EPSS 0.01709
Exploits 1
UbuntuCve
added 2024/03/27 7:0 a.m. | 39 views

CVE-2024-2379

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

CVSS 6.3 | AI score 6.8 | EPSS 0.01709
Exploits 1 | References 2
BDU FSTEC
added 2024/03/27 12:0 a.m. | 4 views

A vulnerability in the wolfSSL SSL/TLS library, related to information disclosure due to incompatibilities, allows attackers to decrypt encrypted texts and forge signatures.

The vulnerability in the wolfSSL SSL/TLS library is related to the disclosure of information due to incompatibility. Exploiting this vulnerability allows a malicious actor to decrypt encrypted texts except for the server’s secret key and forge signatures...

CVSS 5.9 | AI score 6.2 | EPSS 0.00539
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2024/03/27 12:0 a.m. | 2 views

Curl Security Vulnerability

Curl is a tool for transferring data from or to a server. A security vulnerability exists in Curl versions 8.6.0 through 8.6.0 that stems from the fact that libcurl skips certificate validation for QUIC connections under certain conditions when using WolfSSL...

CVSS 6.3 | AI score 6.6 | EPSS 0.01709
Exploits 1 | References 6
CNVD
added 2024/03/27 12:0 a.m. | 5 views

wolfSSL Array Index Validation Error Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. An array index validation error vulnerability exists in wolfSSL version 5.6.3, which stems from failure to properly handle incoming error messages, and ca...

CVSS 7.5 | AI score 6.5 | EPSS 0.00694
Exploits 1 | References 1
Snyk
added 2024/03/25 11:39 p.m. | 2 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index when sending a malformed packet with the correct length. An attacker can crash the system or cause an out of bounds read by exploiting this vulnerability. Remediation: Upgrade wolfssl to version 5.7.0 o...

CVSS 9.1 | AI score 6.9 | EPSS 0.00694
Exploits 1 | References 2
CNNVD
added 2024/03/25 12:0 a.m. | 4 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. An array index validation error vulnerability exists in wolfSSL version 5.6.3, which stems from failure to properly handle incoming error messages, and ca...

CVSS 9.1 | AI score 6.8 | EPSS 0.00694
Exploits 1 | References 3
CNVD
added 2024/03/14 12:0 a.m. | 4 views

Unspecified vulnerability in wolfSSL (CNVD-2024-37452)

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. A security vulnerability exists in wolfSSL versions prior to 5.6.6, which can be exploited by an attacker to trigger a 5-byte buffer out-of-bounds read...

CVSS 9.1 | AI score 6.8 | EPSS 0.006
Exploits 0 | References 1
Hacker One
added 2024/03/10 9:32 p.m. | 72 views

curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

The vulnerability in vquic-tls.c in the curl_wssl_init_ctx function allowed for a certificate check bypass when using the WolfSSL backend. The error handling was not properly implemented, resulting in a potential bypass of the certificate verification requirements...

CVSS 6.3 | AI score 6.5 | EPSS 0.01709
Exploits 1
Positive Technologies
added 2024/03/10 12:0 a.m. | 3 views

PT-2024-2654

Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: The issue is related to libcurl skipping certificate verification for a QUIC connection under certain conditions when built to use wolfSSL. If an unknown or bad cipher or curve is...

CVSS 8.1 | AI score 7.2 | EPSS 0.02927
Exploits 1 | References 320
CNVD
added 2024/02/28 12:0 a.m. | 11 views

wolfSSL Input Validation Error Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. An input validation error vulnerability exists in WolfSSL versions prior to 5.6.6, which stems from a failure to check if a message crosses a key boundary...

CVSS 5.3 | AI score 6.5 | EPSS 0.00513
Exploits 0 | References 1
CNVD
added 2024/02/28 12:0 a.m. | 7 views

Unspecified vulnerability in wolfSSL (CNVD-2024-37453)

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...

CVSS 5.9 | AI score 6.7 | EPSS 0.00539
Exploits 0 | References 1
Snyk
added 2024/02/20 10:45 p.m. | 2 views

Buffer Over-read

Overview: Affected versions of this package are vulnerable to Buffer Over-read when callback functions are enabled through the optional WOLFSSL_CALLBACKS flag. An attacker can read 5 bytes from the heap via a malicious TLS 1.3 connection. Remediation: Upgrade wolfssl to version 5.6.6 or higher...

CVSS 9.1 | AI score 7 | EPSS 0.006
Exploits 0 | References 2
NVD
added 2024/02/20 10:15 p.m. | 9 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 5.4 | EPSS 0.006
Exploits 0 | References 2
OSV
added 2024/02/20 10:15 p.m. | 2 views

DEBIAN-CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 6 | EPSS 0.006
Exploits 0 | References 1
OSV
added 2024/02/20 10:15 p.m. | 6 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 6.9
Exploits 0 | References 2
OSV
added 2024/02/20 10:15 p.m. | 0 views

UBUNTU-CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 6 | EPSS 0.006
Exploits 0 | References 3
UbuntuCve
added 2024/02/20 10:15 p.m. | 21 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 6.3 | EPSS 0.006
Exploits 0 | References 2
Prion
added 2024/02/20 10:15 p.m. | 22 views

Heap overflow

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 5 | AI score 7.3 | EPSS 0.006
Exploits 0 | References 2