Exposición de OpenSSL
Web server extensions169
score de exposición
71.969
sitios usan
0
en explotación
8
críticos
CVEs
152 resultadosCVE-2025-66199MEDIUMTLS 1.3 CompressedCertificate excessive memory allocationEPSS 0.4%CVE-2026-41681HIGHrust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length checkEPSS 0.4%CVE-2026-7383HIGHPossible Heap Buffer Overflow in ASN.1 Multibyte String ConversionEPSS 0.4%CVE-2026-9265CRITICALCrypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING pathEPSS 0.4%CVE-2026-42768LOWMulti-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()EPSS 0.4%CVE-2026-42767MEDIUMNULL Pointer Dereference in CRMF EncryptedValue DecryptionEPSS 0.3%CVE-2026-45445HIGHAES-OCB IV Ignored on EVP_Cipher() PathEPSS 0.3%CVE-2023-53159MEDIUMThe openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.EPSS 0.3%CVE-2026-28386CRITICALOut-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 SupportEPSS 0.3%CVE-2026-41676HIGHrust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1EPSS 0.3%CVE-2026-9076HIGHOut-of-Bounds Read in CMS Password-Based DecryptionEPSS 0.3%CVE-2024-9355MEDIUMGolang-fips: golang fips zeroed bufferEPSS 0.3%CVE-2026-41678HIGHrust-openssl: Incorrect bounds assertion in aes key wrapEPSS 0.3%CVE-2025-4575MEDIUMThe x509 application adds trusted use instead of rejected useEPSS 0.3%CVE-2026-41677LOWrust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized lengthEPSS 0.3%CVE-2026-42769MEDIUMTrust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdateEPSS 0.3%CVE-2026-42770LOWFFC-DH Peer Validation Uses Attacker-Supplied qEPSS 0.3%CVE-2026-35188MEDIUMDouble-free When Checking OCSP Stapled ResponseEPSS 0.2%CVE-2026-27448LOWpyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callbackEPSS 0.2%CVE-2026-34182CRITICALCMS AuthEnvelopedData Processing May Accept Forged MessagesEPSS 0.2%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →