cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12797,https://securityvulnerability.io/vulnerability/CVE-2024-12797,Man-in-the-Middle Vulnerability in OpenSSL Affecting Raw Public Key Authentication,"A vulnerability exists in OpenSSL's implementation of Raw Public Key (RPK) authentication that can lead to undetected server authentication failures. When clients use RPKs to authenticate, they may not recognize that the server has not been properly verified due to improper handshake termination under specific verification modes. This can expose clients to man-in-the-middle attacks if they do not implement additional checks. Though RPKs are disabled by default, enabling them without proper verification can compromise the security of TLS and DTLS connections. Clients can mitigate this by using SSL_get_verify_result() to monitor verification outcomes.",OpenSSL,OpenSSL,6.3,MEDIUM,0.00044999999227002263,false,,true,false,true,2025-02-12T06:53:03.000Z,false,false,false,,2025-02-11T15:59:36.719Z,764
CVE-2024-9143,https://securityvulnerability.io/vulnerability/CVE-2024-9143,Out-of-Bound Memory Reads or Writes in Low-Level GF(2^m) Elliptic Curve APIs,"An issue exists with the low-level GF(2^m) elliptic curve APIs in OpenSSL, where the use of untrusted explicit values for the field polynomial may result in out-of-bounds memory reads or writes. This vulnerability can lead to application crashes and has the potential for remote code execution in specific circumstances. The impact is generally low due to the limited support for 'exotic' curve parameters in typical use cases of Elliptic Curve Cryptography (ECC). Most protocols leveraging ECC rely on named curves or X9.62 encoded binary curves that negate the possibility of invalid input values. The affected APIs, including EC_GROUP_new_curve_GF2m() and EC_GROUP_new_from_params(), are particularly relevant for applications manipulating 'exotic' binary curve parameters that could instantiate invalid field polynomials. However, the FIPS modules in versions 3.3, 3.2, 3.1, and 3.0 remain unaffected.",OpenSSL,OpenSSL,,,0.0004400000034365803,false,,true,false,true,2024-11-21T04:24:33.566Z,,false,false,,2024-10-16T17:15:00.000Z,0